[ASM] Actual parameter name is not actual parameter

Question

Hi All,i have a illegal request that triggered illegal meta character in parameter name, in violation details explain that "actual parameter name" in my thought is not actually parameter name, the request and violation detail capture on below. how can i whitelist if this actual parameter name is random value? not consist a word like param1, param2, etc&nbsp;&nbsp;&nbsp;

daniel_wolf · Answer

Hi&nbsp;Bugs17,
ASM discovers the curly brackets {} and treats them as form data, there they cause a violation.Looking at your screenshot, it's not form data but JSON. Therefore this is causing a false positive.
Take a look at this support solution:&nbsp;K35204784: Parameter Location in Violation Detail shows "Form Data" but request is JSON.
Hope this helps.
KRDaniel

Forum Discussion

[ASM] Actual parameter name is not actual parameter

1 Reply

Recent Discussions

Error while running ansible

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Related Content

Brute Force protection for single parameter like OTP

Wildcard Parameter signature attack

HTTP auth - Calling external API with parameters

Parameter Value - Regular Expression

AWAF Path Parameters with OPENAPI json file