Question
- What information does Silverline Need to Effectively Implement Illegal Meta character Violations?
Environment
- Silverline WAF
- WAF policy/policies
- Categories/modules related to Illegal Meta characters include:
- Illegal meta character in URL
- Illegal meta character in parameter name
- Illegal meta character in value
- Illegal meta character in header
- Categories/modules related to Illegal Meta characters include:
Answer
- There are four modules to the Illegal Meta character violations
- Please review each section and determine the sections that you would like to enforce meta characters, then review each article to identify a list of disallowed (not accepted) characters
- Illegal meta character in URL - a list of meta characters that are allowed/disallowed to be in the URL
- Illegal meta character in parameter name - a list of meta characters that are allowed/disallowed in parameter name
- Illegal meta character in value - a list of meta characters that are allowed/disallowed in the JSON, XML, and/or parameter value
- Illegal meta character in header - a list of Meta characters that are allowed/disallowed in the HTTP header
- Open a ticket with the SOC and provide the following information (Contact SOC / Contact Silverline Support)
- Name of the WAF policy/proxy
- Which of the 4 meta character categories/modules to enable (in alarm and/or blocking) or all 4 or any combination?
- What are the metacharacters to allow in each category/module?
Related Content
- Q&A: What are the default meta characters that are not allowed in a URL for a WAF policy?
- Q&A: What are the default meta characters that are not allowed in a Parameter Name for a WAF policy?
- Q&A: What are the default meta characters that are not allowed in a value for a WAF policy?
- Q&A: What are the default meta characters that are not allowed in an HTTP Header for a WAF policy?