ASM Signatures 200002147 and 200002149 triggering on CMS content

Question

I was doing some testing with an article that one of the content contributors here wrote. 
If I copied + pasted the article into my dummy form as plain text, there were no issues with HTML form submission. &nbsp;
If I passed the same article as HTML either from Eclipse Studio or as-generated from the Javascript based HTML / WYSIWYG editor in our site, ASM would detect a possible signature... so it seems like it's more not happy about HTML being sent back and forth.&nbsp;
Is there something I can do to my content management system's form fields in order to keep them from triggering false positive blocking, or do I have to "learn" the signature for each form field parameter.&nbsp;

boneyard · Answer

don't think many people know by hard which ones those are, it is SQL-INJ expressions like "or 1 is 1" (3) and SQL-INJ expressions like "and 1 is 1" (5) - replaced something there to prevent ASM from triggering here :) so i would assume there is some text going on in the html part with and / or 1 is 1.&nbsp;
personally i would disable these if they occur, there accuracy is low.&nbsp;

Forum Discussion

ASM Signatures 200002147 and 200002149 triggering on CMS content

1 Reply

Recent Discussions

F5 loadbalancer not working

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Related Content

Leveraging Ansible Rulebooks for Streamlined Event Triggers: Advantages and Benefits

Support of WAF Signature Staging in F5 Distributed Cloud (XC)

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

BoT Defense Profile, Signature Enforcement

Wildcard Parameter signature attack