Forum Discussion

Altostratus

Oct 17, 2018

ASM allowed URLs with header based content

hello community, I would like to get clear my ideas about the allowed urls in the ASM ... I do have an ASM policy which is still in staging but I have found some violations in JSON posts that are fa...

ASM Advanced WAF

security

Alex_f5

Altostratus

Oct 21, 2018

Hello Scott, the violation found are:

Evasion technique detected
Failed to convert character
HTTP protocol compliance failed

But is my my understanding that if we just allow the URL and we add a header based content profile that matches a specific value in the http header then the ASM will not generate a log even if other violations are found, am I wrong?, thank you !

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

ASM allowed URLs with header based content

Introducing the F5 Application Study Tool (AST)

Displaying Application Study Tool (AST) Dashboards in Your Own Grafana Instance

Recent Discussions

What dose "Accept" do in BIG-IP ASM event logs

Is anyone using Certbot for F5 certificate automation? If not, what tool do you use?

Change Content-Type from application/octet-stream to multipart/form-data

f5 AI Gateway pii-redactor not working

Terraform apply failures - loadbalancer_type.https.port_choice

Related Content

iRule to modify a content-security-policy header

Invalid Content-Length header caused Big-IP to terminate connection?

Layer 7 Content Routing in F5 XC

DevCentral Content Highlights

F5 NGINX HTTP Request Header Rules: What’s Permitted and What’s Not

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS