Forum Discussion

Cirrostratus

May 16, 2022

Asm capabilities to decode base46 request

i have tried to inject sql injection in my request and encode it , the asm pass the request as 200 . so how can i decode the request to allow asm to read and detect the attack?

application delivery

security

IoF

Altostratus

May 31, 2022

Not sure what ASM version you are on however in Advanced WAF v.15 there is a checkbox for "Base64 Decoding" when defining HTTP Headers or Parameters in the application security policy. Only meant to be enabled it if the value expected is always going to be Base64 encoded, otherwise you will get a ton of violations/errors.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Asm capabilities to decode base46 request

Recent Discussions

F5 looses the token for the first call

ports are showing open on online scanning tool

self-directed requests fail because of no certificate

Decode ObjectSID from Base64-encode string

iRule - Url rewrite and header replace and pool selection not working

Related Content

F5 TIC3.0 Capability Mappings

BIGIP VE maximum connections capability

Exploring BIG-IP VE capabilities on HPE ProLiant DL365 Gen10 Plus servers - Part 1 of 2

Fully Decode URI

Exploring BIG-IP VE capabilities on HPE ProLiant DL365 Gen10 Plus servers - Part 2 of 2

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS