Forum Discussion

Altostratus

Aug 20, 2020

ASM security policy with Atlassian Confluence

Has anybody configured an Atlassian Confluence server behind an F5 with ASM security? I find that it's getting LOTS of false positives that I'm hesitant to accept, mostly of the SQL injection variet...

Altostratus

I've made sure that the JSON profile is is first in line, but looking more closely at this, I'm seeing that the problematic POST requests are coming in as

Content-Type: text/plain

with

Accept: application/json, text/javascript, */*; q=0.01

I'm assuming this explains why it's not parsing properly? Or should it be recognizing the content as JSON automatically?

Julie

Altostratus

Aug 24, 2020

I actually started doing that today, but Confluence is so monolithic, this path will probably be fairly time consuming. I was hoping there was an easier way, but I guess not. Thanks for the input.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

ASM security policy with Atlassian Confluence

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

F5 health 443 monitor issue with Atlassian Conluence

F5 Security Podcasts

Adaptive Apps: Replicate & deploy WAF application security policies across F5's security portfolio

Auditing Security Policy Updates

Confluence Arbitrary File Write via Path Traversal (CVE-2019-3398)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS