ASM - Disable violation for a specific URI
Below is the violation detected for a certain URI. We are looking to disable only for this specific URI
Evasion technique detected [1]
Detected Evasion Technique Bad unescape
Parameter Value
"1.0"?<UserName>xxxxxxx</UserName><UserPassword>Hello123%</UserPassword><CurrentDateTime>2023-05-29</CurrentDateTime><UserType>U
ssword>Hello123%</UserPassword><
(Password contains the character '%')
1. Would the following iRule help? Can we also include character of the parameter value to the iRule to be more specific (ASM::violation details, parameter_data.value)
when ASM_REQUEST_DONE {
if {[ASM::violation names] contains "Evasion technique detected" and [string tolower [HTTP::uri]] contains "URI"}
{
ASM::unblock
log local0. "ASM unblocking [HTTP::uri]"
}
}
2. Would adding a return carriage or a space to the html code before the </UserPassword> work?