F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

imac_105647's avatar
imac_105647
Icon for Nimbostratus rankNimbostratus
Jun 23, 2010

Application firewalling quandary

This problem is not strictly limited to ASM, but is a more general question:     I am seeing lots of end users type things that throw an exception on the ASM (it's not in blocking mode so I'm ju...
app sec
BIG-IP Access Policy Manager (APM)
security
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Jun 23, 2010
Hi Ian,

 

 

The perfect scenario is if the app uses clientside Javascript to "ask" the user to not enter invalid characters, ASM is blocking with a tight configuration and the app does proper validation of the user input. Then you can keep ASM blocking these types of violations and still give the user a good experience. If you know the app handles validation for these fields successfully, you could relax the ASM charset either for specific parameter values or for all parameter values. If the app doesn't do proper sanitisation of user input, I'd say it's better to block errant user-input and protect the app.

 

 

I've heard preliminary discussions of the ability to strip meta-characters from specific parameter values. You might consider talking with your account manager to put in a request for this type of functionality.

 

 

Aaron