Forum Discussion
3 Replies
- ltwagnon (Ret. Employee)
Here's a quick writeup on parameter-level attack signatures: https://devcentral.f5.com/wiki/AdvDesignConfig.ASM-Parameters-and-Attack-Signatures.ashx
I'm not sure if the evasion technique signature is parameter level or not. I hope this helps!
- Robert_Mann_281 (Nimbostratus)
Is there any update to this? We'd like to disable evasion technique checking on a password parameter. We have allowed alphanumeric and most punctuation characters for password, as well as disabled attack signature checking; however, if someone has "%21" as part of their password, this gets blocked as evasion technique "%u decoding". It seems silly that there isn't a way to have the ASM just totally ignore a parameter. How can we disable evasion technique checking on a parameter? We don't want to disable it for the entire policy.
- ltwagnon (Ret. Employee)
Hi Robert. I don't know of a way to disable this particular check on a single parameter because I'm pretty sure this is a "global" ASM check that applies to everything protected by that policy. You can turn off the specific "%u decoding" evasion technique detection, but then it would turn that evasion detection off for the entire policy. The other evasion technique checks would still be enabled, though, so you wouldn't lose complete evasion detection. I'm working to see if an iRule solution might be able to help here. I'll let you know if/when I get anything working.