big-ip 12.1.2
2 TopicsASM block requests with modified readonly attribute values
Is there a way to block requests whose form was tampered at client side so that a the value of a readonly html input element was set to a new value? UPDATE: We've a input field which has set the readonly attribute if the user is in a specific role, hence it's not editable for him but for users with a more privileged role it is possible to change that value. Sadly!!!, there's no further validation in place. We want to save the pain of implementing the missing validation layer for this quite old application. It would be a huge benefint to usif the ASM- module is able to validate the readonly attribute values against the corresponding value from the response. In case of a mismatch, the attacker has tamperd the inputfield and we want the ASM-module to generate an error. Thanks, a bunch!237Views0likes2Comments