natethegreat_23
Nov 14, 2017Nimbostratus
How to still get alerts from an allowed JSON profile?
I have a configuration similar to below in ASM v12, and would like to be able to still get an alert when the exact attack signature would be met:
/allowed/url.html with header based JSON profile "allow SQL signature X"
This "SQL signature X" is in blocking for the rest of the site, but I would still like to get an alert if it is seen on the /allowed/url.html
Is it possible for that to happen, or since it is in the allowed url in the JSON profile is that not an option? Thanks!