F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Julie's avatar
Julie
Icon for Altostratus rankAltostratus
Aug 20, 2020

ASM security policy with Atlassian Confluence

Has anybody configured an Atlassian Confluence server behind an F5 with ASM security? I find that it's getting LOTS of false positives that I'm hesitant to accept, mostly of the SQL injection variet...
ASM Advanced WAF
Atlassian
BIG-IP
confluence
security
Julie's avatar
Julie
Icon for Altostratus rankAltostratus
Aug 24, 2020

I've made sure that the JSON profile is is first in line, but looking more closely at this, I'm seeing that the problematic POST requests are coming in as

 

Content-Type: text/plain

 

with

 

Accept: application/json, text/javascript, */*; q=0.01

 

I'm assuming this explains why it's not parsing properly? Or should it be recognizing the content as JSON automatically?

Simon_Blakely's avatar
Simon_Blakely
Icon for Employee rankEmployee
Aug 24, 2020

You can just apply a JSON profile to a URL, if all the posts to that URL are going to be JSON (without using Header-Based profile selection).

 

Once the data is being interpreted correctly, the violations should be restricted to the specific parameters that hold text. You can then exclude those parameters from specific Attack signatures without disabling them from the entire policy.