NimbostratusI am getting the above message under HTTP Protocol Compliance failed. \0 is known as Null. But I am unable to see the above symbol in Post data. I was able to see the %00 in one of the parameter value.
Please suggest.
CirrusWhen you click on the violation name in the ASM event log it should show you the character in context but not always. The %00 you detected could be the item it was complaining about and if this is allowed for the parameter then you can define it as allowed by going to "Application Security -> URLs -> Allowed URLs" and creating a URL for the faulting page. After you create the URL you can then select it out of the list and pick "URL Parameters" and click the "Create" button. Fill out the form as follows:
Parameter Name : Explicit : (name if the parameter with the null)
Parameter Level : URL : URL Path : enter the URL of the page
Parameter Value Type : Ignore value
Click "Create".
These steps will allow your page to accept the null value if it should be allowed.
NimbostratusBut why I am getting Null in Request (Escaped NULL in post data) when there is no \0
CirrusASM doesn't always show the value. Often it does, sometimes it doesn't. The only definitive way I can think of to prove or disprove this would be to use TCPDUMP and look at the traffic with Wireshark