For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Clk's avatar
Clk
Icon for Altostratus rankAltostratus
Dec 14, 2022
Solved

Wildcard Parameter signature attack

Hi, I have a wildcard * Parameter and it's not found signature attack. Tried to make an SQL injection with only the wildcard Parameter and the request didn't show the violation, but when adding the...
asm
security
  • Clk's avatar
    Clk
    Dec 15, 2022

    Thank you for your answers.

    The problem was in the Parameter data type, it was in Email type ( i figured that this is the default entity when new policy is created).

    In Email type there's no signature enforce.

Mohamed_Ahmed_Kansoh's avatar
Mohamed_Ahmed_Kansoh
Icon for MVP rankMVP
Dec 14, 2022

Hi Clk , 

This is the Wildcard parameter from my Lab , an it contains all attack signatures : 

> could you clarify more about your request 
Regards 

Clk's avatar
Clk
Icon for Altostratus rankAltostratus
Dec 14, 2022

I don't have the attack signature tab in the wildcard Parameter, even when switching the value type to auto.

Do i need to change something in the policy setting?

  • Mohamed_Ahmed_Kansoh's avatar
    Mohamed_Ahmed_Kansoh
    Icon for MVP rankMVP
    Dec 14, 2022

    Hi Clk , 
    > What type of your policy ( parent or security policy ) ? 
    > Could you please send a snap shot from the wild card parameter configuration ? 
    > What about Data type , Meta characters ??