ASM detecting violations "top" "time" within HTTP cookies

Question

Hello Dev Central community,I have a question about ASM triggering violations for known attack signatures for execution attempts based on keywords "top", "time", "source", etc. and how to properly handle these false positives.&nbsp;These keywords appear within the HTTP cookie, where some URI paths include "top" and other unix/linux commands.&nbsp;Aside from disabling this ASM violation from the security policy - is there a way to have the F5 ASM ignore these parameters?

lidev · Answer

Hello, &nbsp;You can overide specific attack signature in&nbsp;Security&nbsp;››&nbsp;Application Security : Headers : Cookies List&nbsp;››&nbsp;Edit Cookie.&nbsp;

its_not_the_f5 · Answer

Thanks Lidev! Appreciate the response. I'll edit the cookie list.

lidev · Answer

Your welcome, if my answer was helpful, please don't forget to mark the answer as "Select as Best" in order to pass you post as resolved and help others peoples to find it.

Forum Discussion

ASM detecting violations "top" "time" within HTTP cookies

Recent Discussions

Can i apply ddos profile on virtual server using port range

How to implement LTM forward proxy client to determine the diversion pool based on the domain name

ASM Export JSON - size Limit ?

SNI Sites not taking correct certificate.

LTM Rule, iRule, or Brute Force Configuration to Limit URL Access

Related Content

Separating False Positives from Legitimate Violations

Rate limiting GraphQL API query using iRule and Advanced WAF Violation

No Learning Suggestions But could see Violations in the event logs

F5 ASM | count violation

ASM/WAF rate limit and block clients by source ip (or device_id fingerprint) if there are too many violations

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS