ASM: "Illegal Request"
I have come across a weird problem. A user access was blocked, with a support ID displayed. After searching the event log withe the support ID, I found that there was no learning suggestion for the access request, and I could not "accept" the request: the text shown when having the mouse over the grayed-out button of "Accept" was "there was no violation". I had to configure "never block this IP address" to allow the request through. And the log entry showed that this was an "illegal" request. Is there a way to allow an "illegal" request through in this situation? The IP address based solution is only temporary as the user was on a dynamic address.
asm irule to unblock upon violation based on type
Hello, I created a custom attack signature to block access to WSDL and sets Attack Type to "Information Leakage". Works fine and blocks stuff. blabla.com/ws/test?wsdl gets blocked. Now I needed it unblocked for certain destinations. I added an iRule to unblock it in case it is a destination in the list datagroup_webservice-prod for example entry from the datagroup is /ws/test2 Checked the trigger iRule box in ASM under proper policy. iRule has been attached to the service. What it should do: Someone accesses a wsdl, gets blocked, iRule is activated and checks if url violation is "Information Leakage" and if the destination is in the datagroup, if yes, then unblocks the access and lets the user through. blabla.com/ws/test = ok blabla.com/ws/test?wsdl = blocked Accessing /ws/test2?wsdl = blocked though it should be unblocked. Can someone check if the iRule looks OK?
