ASM blocking a legitimate flow, how to proceed

Question

Hello F5 experts,&nbsp;
While trying to access to a specific share, I have an error provided by the ASM which is blocking me because it detects this attack type: Detection Evasion. This is a normal URL and should be working for everyone, ine the requested URL I saw in the logs: /index.php maybe the F5 does not accept this. could you please advise how to proceed ? I cannot whitelist the URL because it changes following the sharing server, and I cannot whitelist the source IP because it changes also.
Please advise,
Thanks,
Khadija &nbsp;

samstep · Answer

you need to investigate the request in the ASM logs and see what exactly is causing the violation - can be a number of factors.&nbsp;
Here is the F5 knowledgebase article to help:&nbsp;
K7929: Working with Evasion technique detected violations&nbsp;
https://support.f5.com/csp/article/K7929&nbsp;

Forum Discussion

ASM blocking a legitimate flow, how to proceed

Recent Discussions

Diameter iRules attachment?

Source IP F5 DNS Zone Forwarder

F5 BIG-IP

BIG-IP Oauth Client and AS

How to Renew F5 Device Certificate

Related Content

Separating False Positives from Legitimate Violations

Block IP after a number of ASM Blocks

Block traffic

domain blocking

Committing to Overhead: Proceed With Caution.

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS