Forum Discussion

Mark_Rzepa_1191's avatar
Mark_Rzepa_1191
Icon for Nimbostratus rankNimbostratus
Feb 18, 2014

ASM dynamic parameter enforcement on wildcard url

Greetings,

 

I am using ASM to protect a dynamic parameter that we will call ABC. Currently my parameter is configured as a global, and ASM is doing it's job protecting it.

 

The problem we are currently having is that this parameter only needs to be protected for all URLs that start with: /x/url1/ We can't enforce protection of this parameter if the URL starts with: /y/url2

 

We have over 100 additional urls under the "/x/url1/" which would mean creating over 100 parameter entries for each url which is what I am trying to avoid. Is there a way to tell the ASM parameter: protect ABC only if the url begins with "/x/url1/" without creating a url object that will now permit all access to "/x/url1/"?

 

1 Reply

  • Hi,

    From some presentation, I guess it's related to your question:

    Wildcard Entities

    Entities sharing a similar characteristic can be grouped:

    • Don’t check
    • File upload parameters that need to be defined as ‘don’t check’ value
    • Objects or parameters with a dynamic part:
    • Objects: /test/[TODAYS_DATE]/reports/report.asp
    • Parameters :Item_ID_[NUMBER]
    • Character sets or attack signatures

    You can use as many *’s as you want

    /directory/*/images/*.gif
    *
    Abc*
    Ab*c
    [ab]*c
    

    Piotr