Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 10 replies
  • Subscribers 1 subscriber
  • Views 7133 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WAS/WAF exception does not work

akmal
i don't know whether i made a wrong setup, but seem the exception function under web application security did not skip as a put it. 

my setup ...
Skip these checks:
SQL Injection Filter
Cross Site Scripting (XSS) Filter

web request matching this path:
domain.com/crm/admin/index.php
domain.com/crm/admin/index.php*

with above setup, still blocked.. anyone could help on this ??


This thread was automatically locked due to age.
Parents
  • 0
    i did not enable for that both. currently i'm using basic protection profile, enable for XSS and SQL injection. the problem with the our application, we need to skip certain path (/crm/admin/*) for XSS.

    from log :

    2011:07:26-11:53:37 asg reverseproxy: [Tue Jul 26 11:53:37 2011] [error] [client x.x.x.x] ModSecurity: Warning. Operator GE matched 20 at TX:inbound_anomaly_score. [file "/usr/apache/conf/waf/REF_WAFDefaultProfileBasic.rules"] [line "367"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 200, SQLi=, XSS=200): IE XSS Filters - Attack Detected"] [hostname "www.domain.com.x"] [uri "/crm/admin/index.php"] [unique_id "Ti46QMCoYAEAAC7XBREAAABQ"] 

    attached profile setup.
Reply
  • 0
    i did not enable for that both. currently i'm using basic protection profile, enable for XSS and SQL injection. the problem with the our application, we need to skip certain path (/crm/admin/*) for XSS.

    from log :

    2011:07:26-11:53:37 asg reverseproxy: [Tue Jul 26 11:53:37 2011] [error] [client x.x.x.x] ModSecurity: Warning. Operator GE matched 20 at TX:inbound_anomaly_score. [file "/usr/apache/conf/waf/REF_WAFDefaultProfileBasic.rules"] [line "367"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 200, SQLi=, XSS=200): IE XSS Filters - Attack Detected"] [hostname "www.domain.com.x"] [uri "/crm/admin/index.php"] [unique_id "Ti46QMCoYAEAAC7XBREAAABQ"] 

    attached profile setup.
Children
No Data
Unfiltered HTML