Forum Discussion

Narendren_S's avatar
Narendren_S
Icon for Nimbostratus rankNimbostratus
Mar 24, 2014

Is there a way to configure Meta Value character, data length and attack signatures at URL level instead of parameter level

Hi,

 

We are running LTM cum ASM with version 11.4.1 HF2.

 

currently we are able to configure allow/disallow meta value characters, setting data length and enable/disable attack signatures at parameter level.

 

It requires huge time to configure each and every individual parameter of a page. In a webpage normally we are having more parameters around 200 to 600. So, it is really a huge effort of wasting resources.

 

Is it a way to configure allow/disallow meta value characters, set data length and enable/disable attack signatures at URL level instead of parameter level.

 

ASM Advanced WAF
management
security

1 Reply

Sort By
  • ltwagnon's avatar
    ltwagnon
    Ret. Employee
    Mar 25, 2014

    I don't know of a way to enable/disable attack signatures at the URL level, but on the parameter issue, could you try using wildcard parameters to simplify your list? For my web app, we have lots of parameters with dynamic names, but I found a way to create a few parameters with wildcards, and it saved me lots of time on updating meta value characters, attack signatures, etc. For example, if my app might create the following parameters:

     

    abc$123$edittext

     

    abc$456$edittext

     

    abc$789$edittext

     

    I created a global wildcard parameter abc$*$edittext and it really simplified things. I was able to delete the individual parameters that were covered by this new wildcard parameter. One other thing to mention (and this might not apply directly to your situation), but you can create URL level parameters when a parameter is relevant only to a particular URL.