For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

lenv33_310445's avatar
lenv33_310445
Icon for Nimbostratus rankNimbostratus
Feb 15, 2017

application blocked http compliance failed (Body in GET or HEAD requests)

Hi

 

We are using F5 os ver 12.1.2 with ASM module.

 

and we are getting blocked some business application pages under http compliance failed (Body in GET or HEAD requests) not able to dig down the exact root cause.

 

dont know how to handle this. we are not able to disable the properties of Body in GET or HEAD requests. because our customer is not allowing the same.

 

Please help on priority.

 

application delivery
ASM Advanced WAF
security

6 Replies

  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus
    Feb 15, 2017

    Lenv33, the only option then is to remove the blocking setting against this violation in the policy settings section of the GUI.

     

    Hope this helps,

     

    N

     

  • Vijay_E's avatar
    Vijay_E
    Icon for Cirrus rankCirrus
    Feb 15, 2017

    If this is emergency, you are better off opening up a case as this requires a lot of data from the device in order to understand the existing policies and what is being blocked. Did you get to check the logs to get some hint on possible reasons for blocking ?

     

  • lenv33_310445's avatar
    lenv33_310445
    Icon for Nimbostratus rankNimbostratus
    Feb 16, 2017

    Hi All,

     

    any one is there who can help me with this. not able to justify why this is blocking the request

     

  • Martin_326665's avatar
    Martin_326665
    Icon for Nimbostratus rankNimbostratus
    Jan 17, 2018

    I have the same issue after upgrade from v11. It is caused by client sending GET request with HTTP header "Content-Type".