Amin Eideh Posted July 11, 2021 Share Posted July 11, 2021 Greetings, Been struggling with the field format check, as we already deployed a relaxation rule with the "ANY" field type , length is also at the max. any suggestions on why it may be still blocking the request. Much Regards Link to comment
1 Rhonda Rowland1709152125 Posted July 11, 2021 Share Posted July 11, 2021 Share the event that you are seeing will help. Here's the deal with Field Format protection. If no "default field format" is specified, then ONLY fields listed in the relaxation are protected. This is the preferrred implementation (so you only use it when neeeded and if there is no other way to protect the field input.) If a "default field format" is specificed, then every field must meet default requirements unless exempted. Since its easy to misconfigure field formats, usually you leave the "default" off and only use it to provide field content protections if you can't mitigate the attack through any other feature like signatures, start/deny urls, sql injection/cmd injection. Second depending on how it is implemented (with or without default field requirement) will affect how effective your field pattern will be. Most common issues when protecting a field is misconfigured regex, not marking field name/contents as regex based, or improper use of anchors and possibly field match length. If you can share the exact log event and the rule settings you've tried to implement you might get a more specific answer. Also share firmware version in case there is a bug. Be sure it is a field format violation and not a form field consistency. 2 Link to comment
0 Amin Eideh Posted July 13, 2021 Author Share Posted July 13, 2021 The exact message is "Field Format check failed for field content%3D"%26lt;p style%3D"text-align; center;"%26gt;526lt;span style%3D"font-size." Thank you for the useful information, really appreciate it. Link to comment
Question
Amin Eideh
Greetings,
Been struggling with the field format check, as we already deployed a relaxation rule with the "ANY" field type , length is also at the max.
any suggestions on why it may be still blocking the request.
Much Regards
Link to comment
2 answers to this question
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now