Forum Discussion
ASM flagging legitimate traffic as "most likely a threat"
- Jan 14, 2021According to F5 support, the problem was that ASM was trying to parse the attachment being uploaded. This is the job of anti-virus, not ASM. The solution was to create an allowed URL exception in the policy for this type of content. This instructs ASM to not inspect the BODY of the request: - Browse to: Security ›› Application Security : URLs : Allowed URLs : Allowed HTTP URLs - make sure to 'select' the correct policy - click 'Create' (for New Allowed URL) - change view to 'Advanced'. - Specify the URL (Explicit, [HTTPS] /rest/internal/2/AttachTemporaryFile) - uncheck staging - click on 'Header-Based Content Profile': Request Header Name: Content-Type Request Header Value: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet Request body handling: Do nothing click 'Add'. move it up the list - click 'Create'. - Apply Policy 
It should work. But that example sure looks like it isn't being decoded. You could try restarting the ASM daemon if it's permissible, but I would recommend getting support before doing that.
- Scott123456789Jan 14, 2021Cirrus Thank you very much for trying to help me, Erik. 
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com