Q&A: What information does Silverline Need to Effectively Implement Illegal Meta character Violations? – F5 Silverline Knowledge Base

Question

What information does Silverline Need to Effectively Implement Illegal Meta character Violations?

There are four modules to the Illegal Meta character violations
Please review each section and determine the sections that you would like to enforce meta characters, then review each article to identify a list of disallowed (not accepted) characters
- Illegal meta character in URL - a list of meta characters that are allowed/disallowed to be in the URL
  - Q&A: What are the default meta characters that are not allowed in a URL for a WAF policy?
- Illegal meta character in parameter name - a list of meta characters that are allowed/disallowed in parameter name
  - Q&A: What are the default meta characters that are not allowed in a Parameter Name for a WAF policy?
- Illegal meta character in value - a list of meta characters that are allowed/disallowed in the JSON, XML, and/or parameter value
  - Q&A: What are the default meta characters that are not allowed in a value for a WAF policy?
- Illegal meta character in header - a list of Meta characters that are allowed/disallowed in the HTTP header
  - Q&A: What are the default meta characters that are not allowed in an HTTP Header for a WAF policy?
Open a ticket with the SOC and provide the following information (Contact SOC / Contact Silverline Support)
- Name of the WAF policy/proxy
- Which of the 4 meta character categories/modules to enable (in alarm and/or blocking) or all 4 or any combination?
- What are the metacharacters to allow in each category/module?