Forum Discussion

SalishSeaSecurity
Jul 22, 2009

Illegal parameter...even after 'accept'

I am in the process of building a policy and am stuck with one parameter that is causing me headaches. It looks like this:

['DateBox.TodayFormat']

A couple of things to note:

1) ASM recognizes the parameter as and recognizes everything after that as parameter value.

2) I have copied the text as presented in the web page, but ASM picks up on the unprintable metacharacters (space, tab, carriage return) in addition to the obvious brackets, quotes etc.

3) When 'accepting' the violation, I select "Static content" and ASM inserts the entire value string, _minus_ the unprintable metacharacters.

4) If I define level as "URL parameter", ASM kicks back not only illegal parameter, but unknown level. If I define level as "Global Parameter", ASM kicks back illegal parameter, but recognizes it as global level.

5) I've tried inserting the unprintables 0xd, 0x9 and 0x20 into the value string and adding it as static content, and ASM still kicks back an illegal parameter error.

I'm out of ideas. Any suggestions?

- J

2 Replies

  • That looks like the application's code--not the HTML that would be sent to the client nor a parameter or payload that the client would send to the application. Can you post an anonymized copy of the HTTP headers and payload from a browser plugin like HttpFox for Firefox or Fiddler for IE?

    Thanks,

    Aaron
  • Hoolio,

    Thank you for the reply. I found my problem: it's XML. I didn't know the app used XML when I configured it in ASM. I've been using Paros to capture the web traffic, but Paros doesn't do any analysis. Since I'm no web app maven (more of a network security guy), I didn't know what I was looking at. When I captured some traffic with Wireshark, it was clearly labeled XML.

    I've gone back to the system owner and asked for the XML schema. I'm sure I'll be back online here when I dive into that configuration.

    Thanks very much for the browser plugin tips.

    Regards,

    Jason
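The root cause in this thread is that a capture tool showed the request bytes without saying what they were, so an XML body was read as if it were form parameters, which is exactly how a "parameter" full of brackets, quotes, tabs and carriage returns appears. The example below is added here and is not code from the thread, from F5 or from any of the tools mentioned. It takes a raw captured request (the two sample requests are constructed; only the name DateBox.TodayFormat comes from the thread, and the surrounding XML layout is an assumption), classifies the body from its Content-Type with a byte-sniffing fallback, parses it the right way, and shows what a form-parameter parser makes of the XML body, with the hidden whitespace bytes rendered in the same 0x9/0xd/0x20 hex form the original post uses.

```python
"""Classify a captured HTTP request body and reveal hidden whitespace bytes.

Added example, not from the thread: sample requests below are constructed;
only the name DateBox.TodayFormat is taken from the original post."""
from urllib.parse import parse_qsl
import xml.etree.ElementTree as ET

# Constructed: an ordinary form POST, the shape a parameter-based policy expects.
FORM_REQUEST = (
    b"POST /calendar HTTP/1.1\r\n"
    b"Host: app.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"\r\n"
    b"user=jason&view=month"
)

# Constructed: an XML POST in the spirit of the app in the thread. The element
# layout is an assumption; the app's real schema is not on the page.
XML_REQUEST = (
    b"POST /calendar HTTP/1.1\r\n"
    b"Host: app.example\r\n"
    b"Content-Type: text/xml\r\n"
    b"\r\n"
    b"<request>\r\n"
    b"\t<prop name='DateBox.TodayFormat'>['d MMM yyyy']</prop>\r\n"
    b"</request>"
)


def split_request(raw):
    """Split a raw request into (request line, lower-cased header dict, body bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.decode("latin-1").partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0].decode("ascii"), headers, body


def classify_body(headers, body):
    """Decide how the body should be parsed: Content-Type first, then sniff the bytes."""
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if ctype in ("text/xml", "application/xml") or ctype.endswith("+xml"):
        return "xml"
    if ctype == "application/x-www-form-urlencoded":
        return "form"
    # Content-Type missing or misleading: an XML document starts with '<'.
    return "xml" if body.lstrip().startswith(b"<") else "unknown"


def form_parameters(body):
    """Parse the body as name=value pairs, the way a parameter-oriented policy would."""
    return parse_qsl(body.decode("latin-1"), keep_blank_values=True)


def hidden_bytes(text):
    """Sorted code points of the whitespace/control characters present in text."""
    return sorted({ord(c) for c in text if ord(c) < 0x21 or ord(c) == 0x7F})


def reveal(text):
    """Render whitespace/control characters as \\xNN so they cannot hide in a value."""
    return "".join(
        "\\x%02x" % ord(c) if ord(c) < 0x21 or ord(c) == 0x7F else c for c in text
    )


def analyze(raw):
    """Summarise a captured request: body kind, plus parameters or the XML root."""
    request_line, headers, body = split_request(raw)
    kind = classify_body(headers, body)
    result = {"request_line": request_line, "kind": kind}
    if kind == "form":
        result["parameters"] = form_parameters(body)
    elif kind == "xml":
        result["root"] = ET.fromstring(body).tag
        # What a form parser makes of the same XML: it splits at the first '=',
        # so the bogus "name" is the document text up to that point, whitespace and all.
        bogus_name, bogus_value = form_parameters(body)[0]
        result["misparsed_name"] = reveal(bogus_name)
        result["misparsed_value"] = reveal(bogus_value)
        result["misparsed_hidden"] = hidden_bytes(bogus_name)
    return result


if __name__ == "__main__":
    for raw in (FORM_REQUEST, XML_REQUEST):
        print(analyze(raw))
```

Run on the XML sample, `analyze` reports the body as XML with root element `request`, while the misparsed view shows the form parser's "name" as `<request>\x0d\x0a\x09<prop\x20name`: the same CR, LF, tab and space bytes the original post was trying to add as static content. The practical check is the `kind` field: when it is not `form`, the policy needs an XML (or other content-aware) profile rather than more parameter entries.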