Whitelisting GET/POST/HTML/Json parameters from Astra firewall
Sometimes GET/POST/HTML or Json parameters accept special character which might be flagged by Astra as they contain some special characters which are often used by attackers. You can whitelist such GET/POST/HTML/Json parameters from Astra scanning by following steps:
- Click on the green ‘+’ icon on the threat page
- Click on the blue ‘Whitelist GET.parameter-name’ button
- Parameter won’t be scanned by Astra any more, it was that simple 🙂
Whitelist GET or POST parameter when it’s not in the threats page
- Go to the ‘threats’ page & scroll down up till ‘exception list’
- In the box enter the GET/POST/HTML you want to add as an exception. Example: if you want to add a GET parameter with the name ‘anything’ to exception list then you’ll have to add GET.anything
- If you’ve added GET/POST parameter then simply type them in the box and click on ‘Exception Fields’
- If you want to add HTML, then add HTML parameter to the box and click on ‘HTML Fields’. Similarly with Json field too.
- That’s it, now Astra won’t be scanning these parameters.