For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Joachim_Roessne's avatar
Joachim_Roessne
Icon for Nimbostratus rankNimbostratus
Oct 27, 2015

ASM: Disable violations for a certain URL

Hi All, i have a ASM security policy for Sharepoint (it was created from someone else). Unfortunately, there is a site in Sharepoint for pentester. A discussion board and so on... As you can imagin...
ASM Advanced WAF
security
Joachim_Roessne's avatar
Joachim_Roessne
Icon for Nimbostratus rankNimbostratus
Oct 29, 2015

This one is driving me crazy. I can't figure out how to tell ASM to not inspect Request that belong to /sites/pentest/*

It is still complaining with Requests like 

/sites/pentest/lists/discussion0x20board/style0x20type=textcssbodybackgroundurl(javascriptalert('xss'))style
Of course it detects Attack signtature on that URL. But how to allow that for a certain URL ?

Any suggestions? Maybe the only way is to disable ASM by iRule when a request for /sites/pentest arrives. But thats not a good solution.

- Joachim