Forum Discussion
Yoann_Le_Corvi1
Apr 12, 2019Cumulonimbus
Hi
What I have used in the past for that is the ASM::unblock
With a more precise regex, match the URL with email addresses (send us an example if you want I'll try to help with the regex 🙂 ), and for thos URL, if a violation of type ILLEGAL FILE TYPE is triggered then unblock it.
An exemple in my code :
if { $uri starts_with "/app/rpc"} {
if { $asmviolation equals "VIOLATION_ATTACK_SIGNATURE_DETECTED" || $asmviolation equals "VIOLATION_METACHAR_IN_DEF_PARAM"} {
log local0. "DEBUG!! ASM EXCEPTION - ALLOW $uri - VIOLATION : $asmviolation"
ASM::unblock
}
}
You can also group your exceptions regex in a datagroup.
Hope this helps.