Forum Discussion

Cirrus

Feb 18, 2019

ASM : Context AMF Body

Hi, I am having several signatures match for a content of a png file upload, and also an HTTP compliance violation (Bad multipart parameters parsing : Chunk value does not contain any CRLF). ASM...

ASM Advanced WAF

security

Tanner_Aunan

Employee

Dec 31, 2019

Hi, hopefully this is still relevant.

The AMF body context is used to place the entire POST body into a single parameter value for purpose of applying signatures. As you probably saw though, this results in many false positives and removes ability to control overrides and content handling at the parameter level.

The reason AMF body is happening is usually because the multipart request is not proper RFC. If you enable the "bad multipart request" violation in the policy at alarm level you will likely see this violation is occurring as well. If this violation occurs we cannot parse the parameters in the multipart request therefor we fall back to using AMF body.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

ASM : Context AMF Body

Introducing the F5 Application Study Tool (AST)

Displaying Application Study Tool (AST) Dashboards in Your Own Grafana Instance

Recent Discussions

What dose "Accept" do in BIG-IP ASM event logs

Is anyone using Certbot for F5 certificate automation? If not, what tool do you use?

Change Content-Type from application/octet-stream to multipart/form-data

f5 AI Gateway pii-redactor not working

Terraform apply failures - loadbalancer_type.https.port_choice

Related Content

F5 MCP(Model Context Protocol) Server

File Uploads and ASM

ASM/WAF Management Automation - TMOS

iRules Concepts: Considering Context part 1

ASM LOGS

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS