Forum Discussion

David_M's avatar
David_M
Icon for Cirrostratus rankCirrostratus
Dec 28, 2020

ASM SQL injection action changed based on source ip location

Hello,

 

We have a ASM case being reported in which the SQL injection is being blocked in general but the same signature is only results in an alert when the traffic is incoming from a particular source country.

 

Has anyone seen this behavior, I don't think we have manually configured any such behavior so its really strange to even hear of this.

2 Replies

  • Can you confirm that no Geolocation protection is enabled and that there are no IP address exceptions configured for that particular range of IP addresses?

    • David_M's avatar
      David_M
      Icon for Cirrostratus rankCirrostratus
      Yes I double checked we have not configured such exceptions or using geo locations. Also I think the problem is a different one, they just reported it this way but that's not what's happening so I guess this thread can just stop here for now..