Manual Chapter: Security Policy Violations

Security policy violations (or just violations) occur when some aspect of a request or response does not comply with the security policy for a web application. Violations occur in the following categories:
The Application Security Manager reports RFC violations when the format of an HTTP request violates the HTTP RFCs. RFC documents are the general specifications that summarize the standards used across the Internet and networking engineering community. RFCs, as they are commonly known, are published by the International Engineering Task Force (IETF). For more information on RFCs, see http://www.ietf.org/rfc. Table A.1 lists the RFC violations and describes the event that triggers the violation.
Access violations occur when an HTTP request tries to gain access to an area of a web application, and the security policy detects a reference to one or more entities that are not defined in the security policy as part of the web application. Table A.2 lists the access violation types and describes the event that triggers the violation.
The incoming request contains a session ID value that does not match the session ID value from a previous request from the same client.
The incoming request is larger than the buffer for the Policy Enforcer parser. When the system receives a request that triggers this violation, it stops validating the request for other violations.
Length violations occur when an HTTP request contains an entity that exceeds the length setting that is defined in the security policy. Table A.3 lists the types of length violations and describes the event that triggers the violation.
The incoming request contains a query string whose length exceeds the acceptable length as specified in the security policy.
Input violations occur when an HTTP request includes a parameter or header that contains data or information that does not match, or comply with, the security policy. Input violations most often occur when the security policy contains defined user-input parameters. Table A.4 lists the types of input violations and describes the event that triggers the violation.
The incoming request contains a character that does not comply with the encoding of the web application (the character set of the security policy), and the Policy Enforcer cannot convert the character to the current encoding.
The incoming request includes a header whose value contains a meta character that is not defined in the security policy. Note that if you accept the meta character that caused the violation, the Application Security Manager updates the character set for header values to include the meta character.
The incoming request includes a parameter whose value contains a meta character that is not defined in the security policy. Note that if you accept the meta character that caused the violation, the Application Security Manager updates the character set for parameter values to include the meta character.
The incoming request contains either too few or too many mandatory parameters on a flow. Note that only flows can contain mandatory parameters.
The incoming request contains a parameter for which the data type does not match the data type that is defined in the security policy. The data types that this violation applies to are integer, email, and phone.
The incoming request contains a parameter whose value is not in the range of decimal or integer values defined in the security policy.
The incoming request contains a parameter whose value length does not match the value length that is defined in the security policy. Note that this violation is relevant only for user input parameters.
Parameter value does not comply with regular expression: The incoming request contains an alphanumeric parameter value that does not match the expected pattern specified by the regular-expression field for that parameter.
XML data does not comply with schema or WSDL document
Note: The Policy Enforcer cannot distinguish between dynamic parameters that have been defined incorrectly, and dynamic parameters that actually contain bad values. In both cases, the system issues the Illegal parameter violation. It is up to the user to evaluate the request, to determine what caused the violation.
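As an added illustration (not F5's code, and not ASM's policy format), the following Python models a small positive security policy and checks one GET request URL against the length and input rules described above: query string length, mandatory parameters on a flow, parameters not defined in the policy (reported as Illegal parameter), the character set accepted in parameter values, data type (integer, email, phone), integer range, value length and the regular-expression check. The policy values, parameter names and all violation labels except the two taken from this chapter are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed policy: one flow with two mandatory parameters, per-parameter
# rules, a query-string length limit and the character set allowed in values.
POLICY = {
    "max_query_length": 60,
    "value_charset": re.compile(r"^[A-Za-z0-9 @._+-]*$"),
    "flows": {"/account/update": {
        "mandatory": {"id", "email"},
        "params": {
            "id":    {"type": "integer", "min": 1, "max": 99999},
            "email": {"type": "email", "max_len": 40},
            "phone": {"type": "phone"},
            "code":  {"regex": re.compile(r"^[A-Z]{2}\d{4}$")},
        }}},
}
# Patterns standing in for the policy's integer, email and phone data types.
TYPE_PATTERNS = {
    "integer": re.compile(r"^-?\d+$"),
    "email":   re.compile(r"^[^@\s]+@[^@\s]+\.[A-Za-z]{2,}$"),
    "phone":   re.compile(r"^\+?\d[\d -]{6,18}\d$"),
}

def check_request(url):
    """Return the list of violations one GET request URL raises against POLICY."""
    parts = urlsplit(url)
    found = []
    if len(parts.query) > POLICY["max_query_length"]:
        found.append("query string length exceeds policy")
    flow = POLICY["flows"].get(parts.path)
    if flow is None:                      # no flow defined for this URL
        return found
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    for name in sorted(flow["mandatory"] - set(params)):
        found.append("mandatory parameter missing: " + name)
    for name, value in params.items():
        rule = flow["params"].get(name)
        if rule is None:                  # parameter not defined in the policy
            found.append("Illegal parameter: " + name)
            continue
        if not POLICY["value_charset"].match(value):
            found.append("meta character not in policy character set: " + name)
        if "type" in rule and not TYPE_PATTERNS[rule["type"]].match(value):
            found.append("parameter data type mismatch: " + name)
        elif "min" in rule and not rule["min"] <= int(value) <= rule["max"]:
            found.append("parameter value out of range: " + name)
        if "max_len" in rule and len(value) > rule["max_len"]:
            found.append("parameter value length exceeds policy: " + name)
        if "regex" in rule and not rule["regex"].match(value):
            found.append("Parameter value does not comply with regular expression: " + name)
    return found
```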
Cookie violations occur when the cookie values in the HTTP request differ from those defined in the security policy. Most of the cookie violations are related to longer client sessions. Table A.5 lists the cookie violation types and describes the event that triggers the violation.
The incoming request contains an Application Security Manager (ASM) cookie that has been modified or tampered with.
The domain cookies in the HTTP request do not match the original domain cookies or are not defined as allowed modified domain cookies in the security policy.
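As an added illustration of the two cookie checks above (not F5's implementation; this chapter does not describe the ASM cookie's actual format), the following Python assumes a scheme in which an ASM-style protection cookie carries an HMAC over the domain cookies the server set: a modified protection cookie fails the MAC check, and a domain cookie that changed and is not on the allowed-modified list is reported. The key, cookie names and values are constructed.

```python
import base64
import hashlib
import hmac
import json

# Constructed key for illustration; a real deployment keeps it outside the code.
SECRET = b"constructed-example-key"
# Domain cookies the client is allowed to modify without raising a violation.
ALLOWED_MODIFIED = {"lang"}

def issue_protection_cookie(domain_cookies):
    """Bind the domain cookies the server just set under an HMAC, so a later
    request can be compared against the values originally sent."""
    bound = {k: v for k, v in sorted(domain_cookies.items())
             if k not in ALLOWED_MODIFIED}
    body = base64.urlsafe_b64encode(json.dumps(bound).encode()).decode()
    tag = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + tag

def check_cookies(request_cookies, protection_cookie):
    """Return the cookie violations raised by one request's cookies (a dict)."""
    body, sep, tag = protection_cookie.rpartition(".")
    expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison: any change to the protection cookie fails here.
    if not sep or not hmac.compare_digest(expected, tag):
        return ["ASM cookie modified or tampered with"]
    original = json.loads(base64.urlsafe_b64decode(body))
    return ["modified domain cookie: " + name
            for name, value in original.items()
            if request_cookies.get(name) != value]
```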
Negative security violations occur when an incoming request contains a string pattern that matches an attack signature in one of the security policy's attack signature sets, or when a response contains exposed user data, for example, a credit card number.
Table A.6 lists the negative security violations and describes the event that triggers the violation.
There are a few violations that are related to system resources. Table A.7 lists the other violations and describes the event that triggers the violation.