
ASM don't block XSS

GlaseRing
Nimbostratus

Hi all,

Why doesn't the ASM block this: "</script><script>window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()</script>"><script>alert(150)</script>&arguments=-N2019,-A,-N325,-N0"

All the XSS signatures are enabled, and I see in the security logs that some XSS attacks are being blocked.


Erik_Novak
F5 Employee

That string should trigger an attack signature violation. On my system, the attack signature ID is 200001475. Do you see that signature in your event log and is it possible that the signature is in staging?

GlaseRing
Nimbostratus

It's not in staging.

I don't see it in the log.

I had an override on a different URL; I deleted it and there is still no block.

What am I missing?

Erik_Novak
F5 Employee

How is that string being passed to the application? Is it via form input? Does that form input have parameters which are defined in the policy? If so, are XSS attack signatures applied to the parameter, and is the parameter enforced or in staging? Also, verify that the request is passing through the virtual server. It's possible that random tags, such as your first </script> example, are not perceived as threats because a closing tag such as that, by itself, is not a threat.
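The checklist above (did the signature fire, was it in staging, was the request actually blocked) can be run over ASM event-log lines. The following is an added example, not code from the thread or from F5: it assumes ASM remote-logging lines in key="value" form with the field names `request_status`, `sig_ids` and `staged_sig_ids` (an assumption of this example), and uses the signature ID 200001475 that Erik cites.

```python
import re
from typing import Dict

# Signature ID cited in the thread for this payload.
XSS_SIG_ID = "200001475"

# Assumed field names for ASM remote-logging key="value" lines.
KV_RE = re.compile(r'(\w+)="([^"]*)"')

# Constructed sample lines (not real traffic): the same request under three policy states.
SAMPLE_LOGS = [
    'request_status="blocked",violations="Attack signature detected",'
    'sig_ids="200001475",staged_sig_ids="",uri="/search"',
    'request_status="alerted",violations="Attack signature detected",'
    'sig_ids="",staged_sig_ids="200001475",uri="/search"',
    'request_status="passed",violations="",sig_ids="",staged_sig_ids="",uri="/search"',
]


def parse_asm_line(line: str) -> Dict[str, str]:
    """Parse one key="value" log line into a dict."""
    return dict(KV_RE.findall(line))


def triage(fields: Dict[str, str], sig_id: str = XSS_SIG_ID) -> str:
    """Explain why a request carrying the XSS payload was or was not blocked."""
    fired = sig_id in fields.get("sig_ids", "").split(",")
    staged = sig_id in fields.get("staged_sig_ids", "").split(",")
    status = fields.get("request_status", "")
    if fired and status == "blocked":
        return "blocked"
    if staged:
        # Signature matched but only logged: it is still in staging.
        return "staging: signature matched but not enforced"
    if not fired:
        # Nothing matched: the parameter likely has no XSS signatures applied,
        # or the request never reached the virtual server / policy.
        return "no match: check parameter signature settings and virtual server"
    return f"matched but {status}: check enforcement mode or parameter staging"


def triage_lines(lines) -> list:
    return [triage(parse_asm_line(l)) for l in lines]


if __name__ == "__main__":
    for verdict in triage_lines(SAMPLE_LOGS):
        print(verdict)
```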

GlaseRing
Nimbostratus

Thank you Erik,

I found the configuration I had missed on the parameter.