Open Redirection Mitigation
Hello, ASM has a feature to mitigate open redirection attacks when the redirect happens at the header level (i.e., with Location in the response). When the redirection is within the response payload, the ASM does not block it. Do you guys know about any ASM configuration that may address this issue and mitigate this kind of attack? Thanks. o.
Solved, 86 Views, 0 likes, 6 Comments

ASM instance creation
Hi Team, I have to create a WAF instance similar to the one which is already available. I need help creating an ASM policy similar to the one which is already used by another VIP. So my ASM policy name is ASM_NETWORK_443 and I have to create an identical policy with the name ASM_DRNETWORK_443. Is there any option to clone the ASM policy, or export and import the policy and rename the policy? Kindly help me with this.
42 Views, 0 likes, 2 Comments

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command
Hi Team,
1. Is there any CLI command to check if "HTML5 Cross-Domain Request Enforcement" is enabled for any ASM policy?
2. CLI command to check the list of allowed URLs (to reach the below path and find if any URL is already allowed): Security > Application Security > URLs > Allowed URLs List
57 Views, 0 likes, 3 Comments

ASM / WAF : block request containing certain string?
I have added as much XSS blocking to a policy as possible. A request containing onmouseover or onclick or .... ="alert('hello')" is blocked fine. But when it's coded like onmouseover or onclick or .... ="self['\x....... the ASM accepts this as valid. Can I block a request with this parameter value? How do I achieve this?
606 Views, 0 likes, 2 Comments