Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

[ASM] Actual parameter name is not actual parameter

Bugs17
Nimbostratus
Nimbostratus

‎02-Jun-2022 08:56

Hi All,

i have a illegal request that triggered illegal meta character in parameter name, in violation details explain that "actual parameter name" in my thought is not actually parameter name, the request and violation detail capture on below. how can i whitelist if this actual parameter name is random value? not consist a word like param1, param2, etc 

Bugs17_0-1654185058143.png

Bugs17_1-1654185119517.png

 

 

Labels:
0 Kudos
1 REPLY 1

Daniel_Wolf
MVP
MVP

‎02-Jun-2022 12:16

Hi @Bugs17,

ASM discovers the curly brackets {} and treats them as form data, there they cause a violation.
Looking at your screenshot, it's not form data but JSON. Therefore this is causing a false positive.

Take a look at this support solution: K35204784: Parameter Location in Violation Detail shows "Form Data" but request is JSON.

Hope this helps.

KR
Daniel

Copyright © 2023 Khoros, LLC