Technical Tip: Details regarding duplicate parameter name attack log

FortiAppSec Cloud can detect Duplicate Parameter names in requests after enabling the 'Duplicate Parameter Name' option in Access Rules -> Request Limits.

In the attack logs below, the user can view that FortiAppSec Cloud has detected a Field Parameter name that is repeating more than 1 time. That is why FortiAppSec Cloud blocked the traffic, as action was set as Alert&Deny in module settings. 

Note: There will be no way to bypass this action without changing the action of the module to alert, or the user can add their IP address to the trust list. However, a trusted IP address will bypass all modules, making sure that the trusted IP address will not send the malicious traffic.
If the above changes can not be done, then the administrator has to remove the duplicate parameter from the application level itself.