Hot!How to exclude all signatures check for POST body in a particular page

Author
max.monterumisi
New Member
  • Total Posts : 5
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/01/09 08:35:21
  • Status: offline
2017/03/16 07:54:23 (permalink)
0

How to exclude all signatures check for POST body in a particular page

Hi,
many time, WAF (ver 5.60) block the POST to a particular page with many different signatures.
This because on the raw body of the POST the customers send a xml within all type of char, code, url and other ****.
This xml for the application isn't a problem, it's by developer's design.
I don't want create a security hole and totally exclude the page from check signature process (with URL Access Rules), I want exclude from check process only the xml body.
How I can do ?
#1

2 Replies Related Threads

    max.monterumisi
    New Member
    • Total Posts : 5
    • Scores: 0
    • Reward points: 0
    • Joined: 2015/01/09 08:35:21
    • Status: offline
    Re: How to exclude all signatures check for POST body in a particular page 2017/03/17 04:53:51 (permalink)
    0
    The only way that I found is, from Web Application > Know Attacks > Signatures, exclude signature by signature the Elements:
    HOST =  www.mysite.org  as a string
    URI/push/Service.asmx/SendXML as a string
    ParameterBMS_XML as a string
    but it's very long work.
    Then can be better if we can exclude from all signatures the same parameters (BMS_XML)
    #2
    john.khoxer
    New Member
    • Total Posts : 1
    • Scores: 0
    • Reward points: 0
    • Joined: 2018/06/14 02:26:30
    • Status: offline
    Re: How to exclude all signatures check for POST body in a particular page 2018/06/14 02:30:54 (permalink)
    0
    I have similar question.
    How is it possible to disable all signature checks for special parameter or url ?
    I don't want to do it per signature!
     
    This is very important feature! how come I cannot find any solution for it on the fortiweb!
    #3
    Jump to:
    © 2018 APG vNext Commercial Version 5.5