Forum Discussion

MohammedHashayka's avatar
MohammedHashayka
Icon for Nimbostratus rankNimbostratus
Jul 05, 2022

.well-known/assetlinks.json violation in ASM

Dears,  I repeatedly fin .well-known/assetlinks.json violation on my ASM logs: * illegal file type * illegal URL length * illegal Request length   URL/Request length bot set to 0, and this requ...
application delivery
asm
falst posivites
Nikoolayy1's avatar
Nikoolayy1
Icon for MVP rankMVP
Jul 12, 2022

Maybe see an article I made long ago as you can turn off a particular violation that comes from the source IP addresses of your bots with an irules:

 

https://community.f5.com/t5/technical-forum/knowledge-sharing-f5-asm-advanced-waf-options-for-granual/td-p/207968

Also look at the json profile options but they are more for bypassing signatures but you may check if the URL is having an assigned JSON profile as well-known/assetlinks.json means that the data should be JSON so it may need to be set for a more better match:

 

https://techdocs.f5.com/en-us/bigip-15-0-0/big-ip-asm-implementations/adding-json-support-to-an-existing-security-policy.html

 

 

See here for how to match the source ip and then stop the violation for that URL:

 

https://community.f5.com/t5/technical-forum/whitelisting-inboud-subnet-range-in-f5-using-irule/td-p/298070