Jump to content
Welcome to our new Citrix community!
  • 0

Field format relaxation rule


Amin Eideh

Question

2 answers to this question

Recommended Posts

  • 1

Share the event that you are seeing will help.

 

Here's the deal with Field Format protection.

If no "default field format" is specified, then ONLY fields listed in the relaxation are protected.  This is the preferrred implementation (so you only use it when neeeded and if there is no other way to protect the field input.)

If a "default field format" is specificed, then every field must meet default requirements unless exempted.

 

Since its easy to misconfigure field formats, usually you leave the "default" off and only use it to provide field content protections if you can't mitigate the attack through any other feature like signatures, start/deny urls, sql injection/cmd injection.  

 

Second depending on how it is implemented (with or without default field requirement) will affect how effective your field pattern will be.

Most common issues when protecting a field is misconfigured regex, not marking field name/contents as regex based, or improper use of anchors and possibly field match length.

 

If you can share the exact log event and the rule settings you've tried to implement you might get a more specific answer. Also share firmware version in case there is a bug.

Be sure it is a field format violation and not a form field consistency.

 

 

 

 

 

 

  • Like 2
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...