cancel
Showing results for 
Search instead for 
Did you mean: 

[ASM] Actual parameter name is not actual parameter

Bugs17
Nimbostratus
Nimbostratus

Hi All,

i have a illegal request that triggered illegal meta character in parameter name, in violation details explain that "actual parameter name" in my thought is not actually parameter name, the request and violation detail capture on below. how can i whitelist if this actual parameter name is random value? not consist a word like param1, param2, etc 

Bugs17_0-1654185058143.png

Bugs17_1-1654185119517.png

 

 

1 REPLY 1

Hi @Bugs17,

ASM discovers the curly brackets {} and treats them as form data, there they cause a violation.
Looking at your screenshot, it's not form data but JSON. Therefore this is causing a false positive.

Take a look at this support solution: K35204784: Parameter Location in Violation Detail shows "Form Data" but request is JSON.

Hope this helps.

KR
Daniel