For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Aurel's avatar
Aurel
Icon for Cirrus rankCirrus
Feb 15, 2019

ASM signature 200011026 different behaviour from 11.5.x to 12.x

Hello,   A POST request (multipart/form-data) with png file inside is being blocked by ASM version 11.5.4 The request is having the Content-Type header badly crafted inside the body part, and then...
ASM Advanced WAF
security
rob_carr_76748's avatar
rob_carr_76748
Icon for Nimbostratus rankNimbostratus
Feb 18, 2019

If you think that either a) this signature has been redefined in a way that means it is missing malicious content or b) the signature is not being processed correctly, this probably merits a support call.

 

Signatures can change from version to version, usually in order to make the signature more accurate.

 

Aurel's avatar
Aurel
Icon for Cirrus rankCirrus
Feb 18, 2019

Hi, Indeed the code is not the same, probably more accurate matching less content and avoiding more false positive, or being covered by another signature.

 

I finally get a match after many tests, but on a different part on the request.