ASM Custom signature set behavior.
Hey Folks, Asking a query after a long. I found a limitation with ASM Custom Signature Set configuration, and I need your expert advise to confirm if my understanding is correct or not. We have got a requirement from a customer to block all Javascript based XSS attacks. (They have external pentesting team, who found that their application is vulnerable to XSS for every javascript events). Using the default ASM signature set, it didn't seem to working with Javascript event based XSS attack, however rest of the attacks were being blocked. To achieve customer's requirement, we designed a custom signature set, contains 39 different signatures for every events For eg. , onChange etc. and put all the signatures into a single signature set in ASM. Surprisingly, only first signature worked and rest 38 didn't. I'd take one signature from the list, and configure another signature set, and put this signature into the new signature set. And it worked. This seems that I must have to create individual signature set for individual signatures. Which I feel tedious and time consuming. Prone to error and increase administrative overhead. Could anyone please confirm if this is normal behavior? Is this a limitation of ASM? Thanks in advance, DarshanF5 AWAF/ASM custom violation not seen in the session tracking Delayed Blocking
Hello Everyone, I created a custom violation in AWAF/ASM and I see that I can't use it on the Session tracking "Delay Blocking" feature as I think it has only the predefined violations. I planned to raise this violation when I trigger 2 custom signatures. I have a workaround iRule table command but I just wanted to check.
