Wildcard Parameter signature attack

Clk · ‎14-Dec-2022

Hi,

I have a wildcard * Parameter and it's not found signature attack.

Tried to make an SQL injection with only the wildcard Parameter and the request didn't show the violation, but when adding the parmater name the attacked signature was blocked.

Is the wildcard Parameter not blocking signature attack?

Clk · ‎15-Dec-2022

Thank you for your answers.

The problem was in the Parameter data type, it was in Email type ( i figured that this is the default entity when new policy is created).

In Email type there's no signature enforce.

View solution in original post

Mohamed_Ahmed_Kansoh · ‎14-Dec-2022

Hi @Clk ,

This is the Wildcard parameter from my Lab , an it contains all attack signatures :

> could you clarify more about your request
Regards

_______________________
Regards
Mohamed Kansoh

Clk · ‎14-Dec-2022

I don't have the attack signature tab in the wildcard Parameter, even when switching the value type to auto.

Do i need to change something in the policy setting?

Mohamed_Ahmed_Kansoh · ‎14-Dec-2022

Hi @Clk ,
> What type of your policy ( parent or security policy ) ?
> Could you please send a snap shot from the wild card parameter configuration ?
> What about Data type , Meta characters ??

_______________________
Regards
Mohamed Kansoh

Omar2 · ‎14-Dec-2022

Hello CLK,

Is the wildcard Parameter not blocking signature attack >>> No

just make sure that the policy was in blocking mode, Wildcard Parameter was not in staging mode and finally that your attack signatures also were not in staging mode.

Clk · ‎15-Dec-2022

Thank you for your answers.

The problem was in the Parameter data type, it was in Email type ( i figured that this is the default entity when new policy is created).

In Email type there's no signature enforce.

DevCentral

Wildcard Parameter signature attack

Khoros Kudos Award 2022