Forum Discussion

Tim_04_148927
Nimbostratus
Mar 27, 2014

Is it possible to disable Evasion Technique signatures for certain URLs or parameters?

I have a web application behind an ASM which occasionally receives "\" on one parameter, which the ASM blocks. Rather than disabling the evasion technique detection everywhere on the policy, is it possible to disable it on certain URLs / parameters? I tried creating new parameters and overriding the detection of the "\" character, but it still got blocked due to the evasion technique detection.

 

3 Replies

  • Is there any update to this? We'd like to disable evasion technique checking on a password parameter. We have allowed alphanumeric and most punctuation characters for password, as well as disabled attack signature checking, however if someone has "%21" as part of their password, this gets blocked as evasion technique "%u decoding". It seems silly that there isn't a way to have the ASM just totally ignore a parameter. How can we disable evasion technique checking on a parameter? We don't want to disable it for the entire policy.

     

    • ltwagnon
      Ret. Employee

      Hi Robert. I don't know of a way to disable this particular check on a single parameter because I'm pretty sure this is a "global" ASM check that applies to everything protected by that policy. You can turn off the specific "%u decoding" evasion technique detection, but then it would turn that evasion detection off for the entire policy. The other evasion technique checks would still be enabled, though, so you wouldn't lose complete evasion detection. I'm working to see if an iRule solution might be able to help here. I'll let you know if/when I get anything working.