Rene_Bader_1308
Aug 05, 2014Nimbostratus
Solved
URL parameter not working (ASM)
Hi all,
I'm new to the ASM and currently trying to protect an application that uses URL parameters in some requests.
I want the ASM to allow only named parameter values and configured them at
Security --> Application Security --> Allowed URL --> URL parameters
as static values. Everything up to allowed URL is working as expected unless the parameters are not restricted to the values I defined. I can still enter any value I like and it's gonna be interpreted by the application.
What I'm missing in my rule?
Thanks
René
Check your policy blocking settings. As I always tell my students there are three things required for ASM to block.
- The policy must be in blocking mode.
- The entity must not be in staging.
- The blocking settings (learn, alarm and block) must have block ticked for that violation.
There is a specific violation related to static parameter settings, it is easily missed.