02-Jun-2022 08:56
Hi All,
i have a illegal request that triggered illegal meta character in parameter name, in violation details explain that "actual parameter name" in my thought is not actually parameter name, the request and violation detail capture on below. how can i whitelist if this actual parameter name is random value? not consist a word like param1, param2, etc
02-Jun-2022 12:16
Hi @Bugs17,
ASM discovers the curly brackets {} and treats them as form data, there they cause a violation.
Looking at your screenshot, it's not form data but JSON. Therefore this is causing a false positive.
Take a look at this support solution: K35204784: Parameter Location in Violation Detail shows "Form Data" but request is JSON.
Hope this helps.
KR
Daniel