Forum Discussion

6 Replies

  • It depends on what you are trying to achieve... Could you provide a little bit more information about what issue you are trying to solve by disabling this violation?

    • THE_BLUE

      I have dynamic parameters, so each time ASM blocks the parameter. That's why I'm asking: if I have unchecked this violation, is it risky?

      Note that all parameter values with meta characters will be blocked.

      So how do illegal parameters affect website security?

      • Ivan_Chernenkii

        There is no 100% correct answer to whether it is risky or not; it depends on the application.

        If you know all the parameters which are allowed in your app, then defining such a list and forbidding all other parameters will be good protection.

        The stricter the configuration you define, the better protection you will get.


        As I see it, there are several ways you can avoid a block by the "Illegal parameter" violation without disabling it:

        1. If this dynamic parameter is a dynamic session ID in the URL, then you can use the special "Dynamic Session ID in URL" policy setting to define it
        2. If this dynamic parameter is a path parameter in the URL, then you can create an appropriate positional parameter for that URL
        3. If this dynamic parameter is relevant for a specific URL flow only, then you can define this URL flow and create a parameter with Parameter Value Type = "Dynamic parameter name" for it
        4. You can create an appropriate wildcard or pure wildcard parameter to match this dynamic parameter. This is better than just disabling the "Illegal Parameter" violation, because in that case you will still have the ability to adjust enforcement for this dynamic parameter, at least through the properties of the appropriate wildcard


        Thanks, Ivan

    • Ivan_Chernenkii

      Hello,


      This happens because you have special characters in the name of the wildcard parameter.

      To make it work as a special character you need to create a wildcard parameter with the name Terms\[*\].Groups


      Thanks, Ivan
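The trade-off Ivan describes in the first reply (an explicit allowlist versus a wildcard parameter versus disabling the "Illegal parameter" violation) and the backslash-escaped wildcard name from the second reply, modelled in a small Python policy evaluator. This is an added, constructed example, not F5 code and not ASM's real matching engine: the wildcard syntax (`*` matches any run, `?` one character, backslash escapes the next character), the metacharacter set and the violation strings are assumptions made for illustration only.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed metacharacter set for the example; a real WAF policy carries a
# larger, configurable table.
METACHARS = set("<>'\";()|&`")


def wildcard_to_regex(pattern: str) -> "re.Pattern[str]":
    """Assumed wildcard-name syntax: '*' any run, '?' one char, '\\' escapes.

    So the name Terms\\[*\\].Groups matches Terms[3].Groups: the brackets are
    literal because they are escaped, and '*' stands in for the index.
    """
    parts: List[str] = []
    i = 0
    while i < len(pattern):
        c = pattern[i]
        if c == "\\" and i + 1 < len(pattern):
            parts.append(re.escape(pattern[i + 1]))   # escaped: literal char
            i += 2
            continue
        if c == "*":
            parts.append(".*")
        elif c == "?":
            parts.append(".")
        else:
            parts.append(re.escape(c))
        i += 1
    return re.compile("^" + "".join(parts) + "$")


@dataclass
class ParamDef:
    """One parameter entity in the policy: explicit name or wildcard pattern."""
    name: str
    wildcard: bool = False
    check_metachars: bool = True      # per-entity "check metacharacters" property
    max_length: Optional[int] = None  # per-entity value length limit

    def __post_init__(self) -> None:
        self._regex = wildcard_to_regex(self.name) if self.wildcard else None

    def matches(self, param_name: str) -> bool:
        if self._regex is not None:
            return self._regex.match(param_name) is not None
        return param_name == self.name


class Policy:
    def __init__(self, params: List[ParamDef], enforce_illegal_parameter: bool = True):
        self.explicit = [p for p in params if not p.wildcard]
        self.wildcards = [p for p in params if p.wildcard]
        self.enforce_illegal_parameter = enforce_illegal_parameter

    def lookup(self, name: str) -> Optional[ParamDef]:
        """Explicit names win over wildcards; first matching wildcard wins
        (a simplification of real most-specific-match ordering)."""
        for p in self.explicit:
            if p.matches(name):
                return p
        for p in self.wildcards:
            if p.matches(name):
                return p
        return None

    def evaluate(self, request_params: Dict[str, str]) -> List[str]:
        """Return the list of violations raised for one request's parameters."""
        violations: List[str] = []
        for name, value in request_params.items():
            entity = self.lookup(name)
            if entity is None:
                if self.enforce_illegal_parameter:
                    violations.append(f"Illegal parameter: {name}")
                # With the violation disabled, nothing is known about this
                # parameter, so no value-level checks run on it at all.
                continue
            if entity.check_metachars and any(ch in METACHARS for ch in value):
                violations.append(f"Illegal meta character in parameter value: {name}")
            if entity.max_length is not None and len(value) > entity.max_length:
                violations.append(f"Illegal parameter value length: {name}")
        return violations


def demo() -> Dict[str, List[str]]:
    """Three policies evaluated against constructed requests."""
    strict = Policy([ParamDef("id", max_length=10),
                     ParamDef(r"Terms\[*\].Groups", wildcard=True)])
    relaxed = Policy([ParamDef("id", max_length=10)], enforce_illegal_parameter=False)
    catch_all = Policy([ParamDef("id", max_length=10), ParamDef("*", wildcard=True)])
    req_ok = {"id": "42", "Terms[3].Groups": "editors"}      # constructed
    req_unknown = {"id": "42", "debug": "1; <x>"}            # constructed
    return {
        "strict_ok": strict.evaluate(req_ok),
        "strict_unknown": strict.evaluate(req_unknown),
        "relaxed_unknown": relaxed.evaluate(req_unknown),
        "catch_all_unknown": catch_all.evaluate(req_unknown),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label}: {result or 'no violations'}")
```

The `relaxed` policy is the "just disable the violation" option: the unknown `debug` parameter passes with no checks at all, metacharacters included. The `catch_all` policy is Ivan's option 4: the same parameter is matched by the pure wildcard, so its value still gets the wildcard's metacharacter and length checks, which is what makes the wildcard preferable to switching the violation off.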