Forum Discussion
hooleylist
Apr 29, 2011Cirrostratus
Hi Deon,
Which ASM version are you running? I seem to remember a bug where the evasion technique logic would falsely detect extra URL encodings even when it wasn't there. I couldn't find a solution on this, but I think it was in 10.0.x. If you haven't done so, you should create a global parameter named password and allow the % metacharacter for it. I'd try to keep this set to disabled in the global param value charset.
If you're still seeing the evasion technique violation after that (which I think you will), then I'd open a case with F5 Support on this.
Aaron