Joachim_Roessne
Oct 27, 2015Nimbostratus
ASM: Disable violations for a certain URL
Hi All,
i have a ASM security policy for Sharepoint (it was created from someone else). Unfortunately, there is a site in Sharepoint for pentester. A discussion board and so on... As you can imagine, the ASM is going crazy for all the discussions and uploads around common security leaks.
My thought was, that i create a wildcard URL like
/sites/pentest/*
and as Request Body Handling "Do Nothing" But that doesn't work at all. ASM is still complaining. For example in a request like this:
GET /sites/pentest/Lists/Discussion%20Board/'';!--XSS=
The ASM throws a "Illegal meta character in parameter name" violation.
Is there a way to allow any content for a specific URL. Or maybe an other approach to handle this ?
Thanks and regards, Joachim