NimbostratusOne of the application teams I'm supporting is only concerned about jQuery violations and wants to see records from the WAF request log regarding those specific attack signatures. There's a jQuery signature set, but it doesn't seem possible to filter the request log on that subset of XSS and DoS signatures. Does anyone have deeper insight into how I might provide this to them?
NimbostratusTo filter the WAF request log for specific jQuery-related attack signatures, you can create a custom filter by identifying the signature IDs associated with jQuery XSS and DoS attacks. Then, apply this filter in your reporting tool or export the logs and use external tools to filter by these signature IDs. You might also consider locksmith setting up a specific alert or logging profile in your WAF for these signatures.
Nacreousclient's jquery requests are just like browser's other http requests.
http server including any web server or reverse proxy like ltm/asm can only differ them if the jquey codes includes specific marking, e.g. extra header, extra URL parameter, etc.