How to exclude all signatures check for POST body in a particular page

Forum|Forum|9 years ago
March 16, 2017
1 reply
4052 views

Hi, many time, WAF (ver 5.60) block the POST to a particular page with many different signatures. This because on the raw body of the POST the customers send a xml within all type of char, code, url and other crap. This xml for the application isn't a problem, it's by developer's design.[&o] I don't want create a security hole and totally exclude the page from check signature process (with URL Access Rules), I want exclude from check process only the xml body. How I can do ?

max_monterumisiAuthor

New Member

The only way that I found is, from Web Application > Know Attacks > Signatures, exclude signature by signature the Elements:

HOST = www.mysite.org as a string URI = /push/Service.asmx/SendXML as a string Parameter = BMS_XML as a string

but it's very long work.

Then can be better if we can exclude from all signatures the same parameters (BMS_XML)

john_khoxer

New Member

I have similar question.

How is it possible to disable all signature checks for special parameter or url ?

I don't want to do it per signature!

This is very important feature! how come I cannot find any solution for it on the fortiweb!

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded