Forum Discussion

Nimbostratus

Nov 17, 2008

XSS scripting / false positive

Hi all, My ASM xss script tag (paramter) signature is falsely triggered due to the following value of a couple of parameters: initfunc(true,false,'Mandatory Field','Value cannot ...

app sec

BIG-IP Access Policy Manager (APM)

security

Ido_Breger_3805

Historic F5 Account

Nov 17, 2008

Hi,

It is probably possible to ask the web developers to change the code, however we can also try to help you with better configuration of that parameter on ASM, it may be very possible to reduce the risk of XSS condition to minimum with setting a few limits on the parameter itself, like length and allowed metachars or even a regexp that will describe the allowed value

Can you send us a few examples of the valid values to this parameter?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

XSS scripting / false positive

F5 Academies Are Back – And We’re Coming to a City Near You

Introducing the F5 Application Study Tool (AST)

Recent Discussions

F5 Health Monitor Receive String as JSON

Rewrite content in XML schema file.

DNS Request to VS?

Guide for exam 402 F5 Certified Solution Expert

HA pair when both Tenants reside on the same Velos chassis

Related Content

F5 Distributed Cloud WAF AI/ML Model to Suppress False Positives

Handle False Positive for files upload

Separating False Positives from Legitimate Violations

CMS causing False Positives

Attack Signature False Positive Mode

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS