For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

GDC1-TRG-F5's avatar
GDC1-TRG-F5
Icon for Altocumulus rankAltocumulus
Nov 04, 2024

ASM / WAF - Requests getting blocked due to encoded usernames

Users are trying to login to an application and we believe requests are getting blocked due to encoding happening for the usernames. This is an existing config and no recent changes done. The same a...
security
Nikoolayy1's avatar
Nikoolayy1
Icon for MVP rankMVP
Nov 04, 2024

It sounds like the backend app team may have added some encoding to the username parameter. Better sync with them and if it is base64 you have to enable it Securing Base64-Encoded Parameters . Other than that as mentioned in Working with evasion technique detected violations you may need to increase the number of decodings "Multiple decoding"  if needed. Also the parameter "Auto Detect" option is interesting Using the 'Auto detect' option for a parameter to reduce false positive violations .

 

 

I will suggest if the app team has added base64 you may need to upgrade F5 to the latest version because Attack signature check security exposure