For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Alex_f5's avatar
Alex_f5
Icon for Altostratus rankAltostratus
Oct 17, 2018

ASM allowed URLs with header based content

hello community, I would like to get clear my ideas about the allowed urls in the ASM ... I do have an ASM policy which is still in staging but I have found some violations in JSON posts that are fa...
ASM Advanced WAF
security
Simon_Blakely's avatar
Simon_Blakely
Icon for Employee rankEmployee
Oct 21, 2018

Alex,

 

but I am not sure if this config. will help me since I already see an HTTP wildcard in this policy

 

An Explicit URL will always match before a wildcard URL, so /web/dataset/ will match in preference to the global wildcard.

 

would like to go in the option to permit this posts when the system finds the /web/dataset/* path in the URL ... and stop receiving violations when posts like this happen.

 

Creating an Explicit URL gives you the opportunity to tune the content profile, signature and metacharacter checks applied to that URL - it does not create a blanket pass for the URL.

 

Applying the correct content profile will make a big difference. However, it may not address issues such as HTTP protocol compliance failed, which are checks that are applied before URL-specific inspection.

 

If you need to completely bypass ASM policy inspection for a URL or apply a much less strict ASM Policy to those URLs, then you need to create a specific Local Traffic Policy to be applied to the virtual that that controls which ASM policy is applied for various URLs.

 

K22021244: Bypassing the BIG-IP ASM system (12.1.0 and later)