ASM policy doesn't block metacharacters in paramters name and value

Question

I have ASM policy in blocking mode for a VS rules are as below:&nbsp;
parameters allowed wildcard *, Value or Name Meta characters are now allowed only space and : allowed in value not parameter nameunder  Application Security : Blocking : Settings Illegal meta character in parameter name and Illegal meta character in value both are blockingurl allowed wildcard /page1*
when I test url parameters to check if the policy works correctly:&nbsp;
/page1?a=

rob_carr · Answer

You've indicated that test requests with &nbsp;

amr_esmat_24704 · Answer

No violations triggered, I also changed settings under blocking to alarm or block but the request passes with no violation or block triggered&nbsp;
Version BIG-IP 11.6.3 Build 0.0.3 Final &nbsp;

ido_breger_3805 · Answer

Hi,
Is staging enabled for that parameter?&nbsp;

samstep · Answer

Make sure Staging is switched off. &nbsp;

rob_carr · Answer

Violations against a parameter in staging will not trigger blocking behavior - also true for file types and URLs. Take the parameter out of staging, re-run the test and I would not be surprised if you see blocking behavior.

Forum Discussion

ASM policy doesn't block metacharacters in paramters name and value

6 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

Metacharacters and JSON parameters

paramter for get_performance_graph_csv_statistics

Changing all paramters to global

Hi how do i remove paramter and random value from url?

I am trying to pick out a string of a decrypted JSON web token to set some paramters in it as variables that i can later use to refer in a custom HTTP header. So, the sample token i have is