Forum Discussion
WAF Blocking templates on upload
Hi Guys
Have an issue with templates (html and css) being uploaded to a certain url detects them and blocks as Cross Site Scripting (XSS), Detection Evasion, Other Application Attacks, SQL-Injection
is there anyway to allow them through to the specific area they will only ever come via 1 url
thanks in anvance
when HTTP_CLASS_SELECTED { ASM::enable if { [HTTP::uri] starts_with "/*****" } { ASM::disable } }
If this comes from a trusted developer IP the easiest way would probably be whitelisting him: Security ›› Application Security : IP Addresses : IP Address Exceptions ›› New IP Address Exception...
IP Address Exception Properties IP Addressdeveloper_source_ip Netmask255.255.255.255 Policy Builder trusted IP Disabled Ignore in Anomaly Detection Enabled Ignore in Learning Suggestions Enabled Never block this IP Address Enabled Never log traffic from this IP Address Enabled
- Lyonsy_271608Altocumulus
it comes from a specific URL to upload the template so guessing i give it the static ip of that url it should work?
thanks
- Lyonsy_271608Altocumulus
didnt work via the ip
depending on the attack signature type you might be able to disable it on a parameter.
if you can't you need to do something with different ASM policies. you can't disable based on URI for attack signatures easily shamefully.
- Lyonsy_271608Altocumulus
managed to do this via an irule
when HTTP_CLASS_SELECTED { ASM::enable if { [HTTP::uri] starts_with "/*****" } { ASM::disable } }
- Lyonsy_271608Altocumulus
when HTTP_CLASS_SELECTED { ASM::enable if { [HTTP::uri] starts_with "/*****" } { ASM::disable } }
ah still version 10? or older version 11? have a look at upgrading.
do understand this disables all ASM protection, so not just a few signatures disabled but everything.
it might be better to change ASM policy based on URI, that way you keep some protection at least.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com