How to: Enable blocking evasion technique
In this example, we enable the evasion technique violation (VIOL_EVASION) with its blocking setting set to true. We also configure each of its sub-violations, enabled or disabled, in the "evasions" section. You can add or remove sub-violations to match your desired configuration. Note, however, that omitting a sub-violation does not disable it: the default configuration for that sub-violation is simply not overridden.
{
    "policy": {
        "name": "evasions_enabled",
        "template": {
            "name": "POLICY_TEMPLATE_RATING_BASED"
        },
        "applicationLanguage": "utf-8",
        "enforcementMode": "blocking",
        "blocking-settings": {
            "violations": [
                {
                    "name": "VIOL_EVASION",
                    "alarm": true,
                    "block": true
                }
            ],
            "evasions": [
                {
                    "description": "Bad unescape",
                    "enabled": true
                },
                {
                    "description": "Directory traversals",
                    "enabled": true
                },
                {
                    "description": "Bare byte decoding",
                    "enabled": true
                },
                {
                    "description": "Apache whitespace",
                    "enabled": true
                },
                {
                    "description": "Multiple decoding",
                    "enabled": true,
                    "maxDecodingPasses": 2
                },
                {
                    "description": "IIS Unicode codepoints",
                    "enabled": true
                },
                {
                    "description": "IIS backslashes",
                    "enabled": true
                },
                {
                    "description": "%u decoding",
                    "enabled": true
                }
            ]
        }
    }
}
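
Because an omitted sub-violation keeps its default instead of being disabled, it helps to review a policy for entries it leaves untouched or misspells. The following script is an added example, not part of the product or its documentation: the function name audit_evasion_policy and the sample policy are hypothetical, the eight sub-violation names are the ones listed on this page, and the script reports omitted entries as "default" without assuming what the product's defaults are.

```python
import json

# The eight sub-violation descriptions used in the policy on this page.
KNOWN_EVASIONS = [
    "Bad unescape", "Directory traversals", "Bare byte decoding",
    "Apache whitespace", "Multiple decoding", "IIS Unicode codepoints",
    "IIS backslashes", "%u decoding",
]
DEFAULT = "default (not overridden)"

def audit_evasion_policy(policy_text):
    """Return (explicit_block, states, unknown) for a policy JSON string."""
    policy = json.loads(policy_text)["policy"]
    settings = policy.get("blocking-settings", {})
    viol = next((v for v in settings.get("violations", [])
                 if v.get("name") == "VIOL_EVASION"), {})
    # True only when the policy itself sets blocking mode and block: true.
    explicit_block = (policy.get("enforcementMode") == "blocking"
                      and viol.get("block") is True)
    listed = {e.get("description"): e for e in settings.get("evasions", [])}
    states = {}
    for name in KNOWN_EVASIONS:
        entry = listed.get(name, {})
        if "enabled" not in entry:
            states[name] = DEFAULT  # omitted: the policy does not change it
        else:
            states[name] = "enabled" if entry["enabled"] else "disabled"
    # Entries whose description matches none of the eight names (e.g. a typo).
    unknown = sorted(d for d in listed if d not in KNOWN_EVASIONS)
    return explicit_block, states, unknown

# Constructed sample: two sub-violations listed correctly, one misspelled.
SAMPLE_POLICY = """
{"policy": {"name": "evasions_partial", "enforcementMode": "blocking",
  "blocking-settings": {
    "violations": [{"name": "VIOL_EVASION", "alarm": true, "block": true}],
    "evasions": [
      {"description": "Directory traversals", "enabled": false},
      {"description": "Multiple decoding", "enabled": true, "maxDecodingPasses": 2},
      {"description": "IIS backslash", "enabled": false}
    ]}}}
"""

if __name__ == "__main__":
    block, states, unknown = audit_evasion_policy(SAMPLE_POLICY)
    print("VIOL_EVASION explicitly blocking:", block)
    for name, state in states.items():
        print(f"  {name}: {state}")
    print("unrecognized entries:", unknown)
```

In the constructed sample, the misspelled "IIS backslash" entry is reported as unrecognized, and the real "IIS backslashes" sub-violation shows as left at its default.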