Execution order of policy

Question

Hi，I know that for a program, there must be a sequence of execution, so what is the sequence of ASM policy？I want to know the order of various protection strategies in a policy. For example, compared with SQL injection and XPath injection, who takes effect first， and what is the order of other protection strategies？

alexbct · Answer

Hi, Is there a particular function you would like to know this for? It may help get you to the answer.&nbsp;
Do keep in mind though that the WAF system works on an "all-match" strategy (all components that are active and get matched will be reported), rather than a "first-match" strategy (like a firewall policy).&nbsp;

小白 · Answer

Obviously, when the blacklist and injection exist at the same time, the blacklist must take effect first, isn't it? Then I believe there is a sequence for the same strategy

Forum Discussion

Execution order of policy

2 Replies

Recent Discussions

preserve client IP on layer 4 VIP

Failed to convert character dclid=%EDclid!

ASM - Parent policy vs OWASPcompliance

Rewrite uri translation not working

CONNECTION IS LOST DUE TO SELF IP IS DELIVERED

Related Content

iRule Event Order Flowchart

HTTP Event Order -- Access Policy Manager

Auditing Security Policy Updates

Minimizing Security Complexity: Managing Distributed WAF Policies

Order of cookies