How to: Disable one signature and enable another in a user-defined URL¶
In this example, we disable the detection of a specific signature, 200010093
and enable another one, 200010008
, both in a user-defined URL /Common/user_defined_URL
. These signature settings take effect only in requests to that URL. In other requests, the signature behavior is determined by the signature sets these signatures belong to. See Attack Signatures for more details.
{
"policy": {
"name": "user_defined_URL",
"template": {
"name": "POLICY_TEMPLATE_RAPID_DEPLOYMENT"
},
"applicationLanguage": "utf-8",
"enforcementMode": "blocking",
"blocking-settings": {
"violations": [
{
"name": "VIOL_URL",
"alarm": true,
"block": true
}
]
},
"urls": [
{
"method": "*",
"name": "/test*",
"protocol": "http",
"type": "wildcard",
"wildcardOrder": 1,
"attackSignaturesCheck": true,
"signatureOverrides": [
{
"enabled": true,
"signatureId": 200010008
},
{
"enabled": false,
"signatureId": 200010093
}
]
}
]
}
}