Forum Discussion

Lyonsy_271608
Nov 23, 2016
Solved

WAF Blocking templates on upload

Hi Guys

Have an issue with templates (HTML and CSS) being uploaded to a certain URL: the WAF detects them and blocks them as Cross Site Scripting (XSS), Detection Evasion, Other Application Attacks and SQL-Injection.

Is there any way to allow them through to the specific area? They will only ever come via one URL.

Thanks in advance

  • when HTTP_CLASS_SELECTED {
        ASM::enable
        if { [HTTP::uri] starts_with "/*****" } {
            ASM::disable
        }
    }


7 Replies

  • If this comes from a trusted developer IP the easiest way would probably be whitelisting him: Security ›› Application Security : IP Addresses : IP Address Exceptions ›› New IP Address Exception...

    IP Address Exception Properties
        IP Address: developer_source_ip
        Netmask: 255.255.255.255
        Policy Builder trusted IP: Disabled
        Ignore in Anomaly Detection: Enabled
        Ignore in Learning Suggestions: Enabled
        Never block this IP Address: Enabled
        Never log traffic from this IP Address: Enabled


  • It comes from a specific URL to upload the template, so I'm guessing if I give it the static IP of that URL it should work?

    Thanks


  • Depending on the attack signature type you might be able to disable it on a parameter.

    If you can't, you need to do something with different ASM policies. You can't easily disable attack signatures based on URI, shamefully.


  • Managed to do this via an iRule:

    when HTTP_CLASS_SELECTED {
        ASM::enable
        if { [HTTP::uri] starts_with "/*****" } {
            ASM::disable
        }
    }



  • Ah, still version 10? Or an older version 11? Have a look at upgrading.

    Do understand this disables all ASM protection, so not just a few signatures disabled but everything.

    It might be better to change ASM policy based on URI; that way you keep some protection at least.
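The policy-per-URI approach suggested in the last reply, written out as an added example that is not from the thread or from F5. It assumes ASM::enable accepts a policy name on the version in use, that the two policies /Common/main_policy and /Common/template_upload_policy already exist, and it uses /template-upload/ as a placeholder for the redacted "/*****" path.

```tcl
# Added example: keep ASM on for the template upload URL, but run it
# under a second, looser policy instead of switching ASM off entirely.
# Assumed names: /Common/main_policy and /Common/template_upload_policy
# must exist on the device. "/template-upload/" stands in for the
# redacted "/*****" path from the thread. The event matches the v10 /
# early v11 iRule above; on 11.4 and later the same logic belongs in
# HTTP_REQUEST.
when HTTP_CLASS_SELECTED {
    # Compare the path only (no query string), lower-cased once so the
    # match does not depend on letter case in the request.
    set path [string tolower [HTTP::path]]

    # Trailing slash in the prefix so that only the upload area matches,
    # not other paths that merely share the first characters.
    if { ($path starts_with "/template-upload/") && ([HTTP::method] equals "POST") } {
        # Looser policy: the signatures that fire on HTML/CSS content
        # (XSS, SQLi, evasion) are disabled on the upload parameter in
        # that policy only; every other check still applies here.
        ASM::enable /Common/template_upload_policy
        log local0. "ASM: upload policy selected for [IP::client_addr] $path"
    } else {
        # All other requests, including GETs to the upload area, keep
        # the full policy.
        ASM::enable /Common/main_policy
    }
}
```

Turning the upload policy's learning/blocking on for a while first shows which signatures actually fire on real templates, so only those need relaxing on the upload parameter.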