Cirrostratus
CirrostratusThat SOL8866: Disabling attack signature checks for specific objects has info that I can't figure out:
You can disable attack signature checks for specific objects. This functionality allows you to prevent an attack signature from triggering for a valid URI request, header, parameters or other attributes within the request while leaving the attack signatures in place for the entire policy.
The BIG-IP ASM security policy does not trigger an attack signature if a matching signature is found for an explicitly defined object. To configure an object as an explicit object, to prevent false attack signature triggers, perform the procedure appropriate for your ASM version:
Note: This only applies for signatures that use the objonly attribute. If the signature is written using the uricontent attribute, a specific URL does not cause the attack signature to trigger.
Note: An attack signature is triggered when a signature matches the explicitly defined object and additional parts of the object, if not defined within the explicit object. This behavior is by design; it ensures that the administrator is notified, and information that attempts to pass is flagged if it has not been explicitly defined by the administrator.
I am puzzled especially by two Note entries.
Article is to disable signatures on some entities. That is achieved by defining for example explicit URL, then what they mean in first note?
What second note means? That if part of explicit entity is not specified then signature is triggering violation?
Piotr
AltostratusCirrostratus