Forum Discussion
Piotr,
You ask a lot of good questions. Regarding:
When Explicit URL is defined in Allowed URLs it's possible to check Perform Staging.
Yes, learned entities may be in staging. Learning of allowed entities (file types, URLs, parameters, etc.) occurs in two stages. The first stage is learning the explicit entity, for example, index.php. The second stage of learning allows for fine-tuning the attributes of the explicit entity. File types have length limitations that can be adjusted. Parameters have a number of attributes such as type, allowed meta-characters, allow empty value, and so on. When ASM learns an entity it is placed in staging automatically so you have the opportunity to adjust its attributes for your application. Once it's correct then it should be taken out of staging (this is also referred to as enforcing or enforced). Only then will ASM block traffic that does not comply with the entity's settings, for example, if the query string in a request is more bytes than the policy allows for a file type or an allowed parameter contains an XSS attack. The important thing to remember (as covered earlier in this thread) is that ASM will not block anything that is in staging. For ASM to block traffic the security policy must be in blocking mode, the entity or attack signature must be out of staging, and the relevant violation must be set to block on the Blocking Settings list. Even then ASM may not block sometimes, for example, if an allowed parameter is set to "Ignore value" then ASM does not apply any attack signatures or other security to the value of the parameter.
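
The blocking conditions listed in the reply above can be checked in one pass when reviewing why a policy lets a violating request through. The following is an added example, not part of the original post and not F5 code; the policy dictionary, its keys, and the violation and signature labels are constructed for illustration and do not reflect ASM's real configuration schema or API.

```python
# Added illustration: a simplified, constructed model of an ASM security policy.
# All keys and labels are hypothetical; this is not F5's schema or API.
POLICY = {
    "enforcement_mode": "blocking",            # versus "transparent"
    "blocking_settings": {                     # violation -> Block flag
        "query_string_length": True,
        "attack_signature": True,
        "meta_character": False,
    },
    "signatures": {"xss-sample": {"staging": False},
                   "sqli-sample": {"staging": True}},
    "entities": {
        ("url", "/index.php"): {"staging": True},
        ("filetype", "php"): {"staging": False},
        ("parameter", "q"): {"staging": False, "ignore_value": True},
        ("parameter", "name"): {"staging": False, "ignore_value": False},
    },
}

def why_not_blocked(policy, violation, entity_key, signature=None):
    """Return the reasons a violating request passes; [] means it is blocked."""
    reasons = []
    if policy["enforcement_mode"] != "blocking":
        reasons.append("policy is not in blocking mode")
    entity = policy["entities"][entity_key]
    if entity.get("staging"):
        reasons.append(f"{entity_key[0]} {entity_key[1]!r} is in staging")
    if signature is not None:
        # "Ignore value" means no signatures are applied to the parameter value.
        if entity.get("ignore_value"):
            reasons.append("parameter is set to Ignore value: signatures are not applied")
        if policy["signatures"][signature]["staging"]:
            reasons.append(f"signature {signature!r} is in staging")
    if not policy["blocking_settings"].get(violation, False):
        reasons.append(f"violation {violation!r} is not set to block")
    return reasons

if __name__ == "__main__":
    cases = [
        ("query_string_length", ("filetype", "php"), None),
        ("query_string_length", ("url", "/index.php"), None),
        ("attack_signature", ("parameter", "q"), "xss-sample"),
        ("attack_signature", ("parameter", "name"), "sqli-sample"),
    ]
    for violation, key, sig in cases:
        reasons = why_not_blocked(POLICY, violation, key, sig)
        print(key, violation, "->", reasons or "BLOCKED")
```

An empty list means every condition from the reply holds and the request would be blocked; each returned string names one condition that fails.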