For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Scott123456789's avatar
Jan 11, 2021
Solved

ASM flagging legitimate traffic as "most likely a threat"

I'm fairly new to managing ASM and I'm learning on the fly. In this case, the protected application is a Jira instance. Most traffic that ASM has blocked for this application so far has been a single...
  • Scott123456789's avatar
    Jan 14, 2021

    According to F5 support, the problem was that ASM was trying to parse the attachment being uploaded. This is the job of anti-virus, not ASM. The solution was to create an allowed URL exception in the policy for this type of content.

     

    This instructs ASM to not inspect the BODY of the request:

     

    - Browse to: Security ›› Application Security : URLs : Allowed URLs : Allowed HTTP URLs

    - make sure to 'select' the correct policy

     

    - click 'Create' (for New Allowed URL)

     

    - change view to 'Advanced'.

    - Specify the URL (Explicit, [HTTPS] /rest/internal/2/AttachTemporaryFile)

    - uncheck staging

     

    - click on 'Header-Based Content Profile':

     Request Header Name: Content-Type

     Request Header Value: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet   

     Request body handling: Do nothing

     click 'Add'.

     move it up the list

     

    - click 'Create'.

     - Apply Policy