For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

MohammedHashayka's avatar
MohammedHashayka
Icon for Nimbostratus rankNimbostratus
Jul 05, 2022

.well-known/assetlinks.json violation in ASM

Dears,  I repeatedly fin .well-known/assetlinks.json violation on my ASM logs: * illegal file type * illegal URL length * illegal Request length   URL/Request length bot set to 0, and this requ...
application delivery
asm
falst posivites
Nikoolayy1's avatar
Nikoolayy1
Icon for MVP rankMVP
Jul 12, 2022

Maybe see an article I made long ago as you can turn off a particular violation that comes from the source IP addresses of your bots with an irules:

 

https://community.f5.com/t5/technical-forum/knowledge-sharing-f5-asm-advanced-waf-options-for-granual/td-p/207968

Also look at the json profile options but they are more for bypassing signatures but you may check if the URL is having an assigned JSON profile as well-known/assetlinks.json means that the data should be JSON so it may need to be set for a more better match:

 

https://techdocs.f5.com/en-us/bigip-15-0-0/big-ip-asm-implementations/adding-json-support-to-an-existing-security-policy.html

 

 

See here for how to match the source ip and then stop the violation for that URL:

 

https://community.f5.com/t5/technical-forum/whitelisting-inboud-subnet-range-in-f5-using-irule/td-p/298070