Forum Discussion

THE_BLUE's avatar
THE_BLUE
Icon for Cirrostratus rankCirrostratus
Apr 21, 2021

ASM -ATTACK SIGNTURE

From where ASM bring the below ?

Detected Keyword 8a_iVR18tOx=h[=u4DLfu[Am2cl058%<?iw`TR>s4B.4=3,b#B39bF,YAf>d2NS

 

when I'm trying to upload document in portal ex: .docx , I face block with attack signature detect

 

application delivery
ASM Advanced WAF
BIG-IP
security
  • spalande's avatar
    spalande
    Apr 21, 2021

    with file uploads through ASM, it always needs to define a explicit "file upload parameter" for a upload link. If not done, ASM will detect lot of false positives when it parse the attachement (e.g. images, pdf or docs).

     

    Plesae go through the below article and create necessary upload parameter.

     

    https://devcentral.f5.com/s/articles/file-uploads-and-asm

  • spalande's avatar
    spalande
    Icon for Nacreous rankNacreous
    Apr 21, 2021

    with file uploads through ASM, it always needs to define a explicit "file upload parameter" for a upload link. If not done, ASM will detect lot of false positives when it parse the attachement (e.g. images, pdf or docs).

     

    Plesae go through the below article and create necessary upload parameter.

     

    https://devcentral.f5.com/s/articles/file-uploads-and-asm

    • THE_BLUE's avatar
      THE_BLUE
      Icon for Cirrostratus rankCirrostratus
      May 04, 2021

      in V15 , even if you choose Data Type to be File upload , the attack signture tab will still exist. Shall we have to disable attack check from file upload parameter?

  • Ahmed_Galal's avatar
    Ahmed_Galal
    Icon for Cirrostratus rankCirrostratus
    Apr 22, 2021

    which attack signature that blocked you and if you are sure that it is normal application behaviour you can allow it under matched parameter.

     

    check this article to Configuring attack signatures for a parameter

     

    https://support.f5.com/csp/article/K79544554