Understanding WAF implementation Jscript_Defs
rwilliams
Hi All,
I am just looking at the WAF capabilities of our new 3030S devices. I have implemented a basic policy in Learning mode and our QA testers have raised that some of the web page forms are failing now. Looking at the logs I see the following entry:
"Javascript pattern detected! test+programme+description matches #91 in s1"
I look at the jscript_defs file in the WAF section and I see on line 91 the following entry:
"s1,script"
But where are the patterns stored? I take it S1 points to another definition file or something where there is some pattern matching going on. But how do I edit this pattern if I wanted to?
Help greatly appreciated
Ryan
Comments
Yes, the xss-check flag on a WAF template indicates that you want to test
header and argument names and values against the patterns in a WAF policy.
By default, the WAF policy is a jscript_defs, which is shipped with the
Thunder. It is a little simplistic so can have false positives. If you
want to modify the definitions then you should do the following:
Copy the file to something of your own like:
ax2(config)#waf copy jscript_defs my_jscript_defs
Then you can edit the file to make it match whatever you want:
ax2(config)#waf edit my_jscript_defs
You will then need to modify your WAF template to use the new policy file
instead of the default:
ax2(config)#slb templ waf waftest
ax2(config-waf)#xss-check reject my_jscript_defs
Hope this helps.
Genard
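
Added example, not part of either post and not A10 code: a small offline check for vetting an edited definitions file against known-good form values before pointing xss-check at it. It assumes each entry is a `group,pattern` line whose pattern is applied as a case-insensitive regular expression to the URL-decoded value, which the thread does not confirm; the tightened entry and all test values other than the logged form value are constructed.

```python
import re
from urllib.parse import unquote_plus

# Only the "s1,script" entry comes from the thread.
ORIGINAL_DEFS = ["s1,script"]
# Hypothetical tightened entry for a copied file such as my_jscript_defs.
EDITED_DEFS = [r"s1,<\s*script\b"]

def parse_defs(lines):
    """Return (line_no, group, compiled_pattern) per entry.
    Assumption: one 'group,pattern' entry per line, pattern is a regex."""
    entries = []
    for line_no, line in enumerate(lines, start=1):
        line = line.strip()
        if not line or "," not in line:
            continue
        group, pattern = line.split(",", 1)
        entries.append((line_no, group, re.compile(pattern, re.IGNORECASE)))
    return entries

def hits(value, entries):
    """Return [(line_no, group)] for entries matching the URL-decoded value."""
    decoded = unquote_plus(value)
    return [(n, g) for n, g, rx in entries if rx.search(decoded)]

def vet(defs, benign, must_block):
    """Return (false positives on benign values, must-block values missed)."""
    entries = parse_defs(defs)
    false_pos = [v for v in benign if hits(v, entries)]
    missed = [v for v in must_block if not hits(v, entries)]
    return false_pos, missed

# First value is the form input from the log line in the thread; rest constructed.
BENIGN = ["test+programme+description", "manuscript+review"]
MUST_BLOCK = ["%3Cscript%3Ealert(1)%3C%2Fscript%3E"]

if __name__ == "__main__":
    for name, defs in (("original", ORIGINAL_DEFS), ("edited", EDITED_DEFS)):
        fp, miss = vet(defs, BENIGN, MUST_BLOCK)
        print(f"{name}: false positives={fp} missed={miss}")
```

Under these assumptions the bare `script` entry fires on the logged value because "description" contains that substring; feeding the harness the QA team's real form inputs shows whether an edited entry still has that problem.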