Forum Discussion

Cirrus

Mar 26, 2019

ASM: Wrong charset on policy, what's the impact ?

Hello, An UTF-8 encoding/charset application is protected by ASM, on which the policy has been set to another one : iso-8859-15. I am considering to set a new policy with the proper charset...

ASM Advanced WAF

security

Erik_Novak

Employee

Mar 28, 2019

You are better off creating a new policy with the new character set. For both UTF-8 and iso8859-15 encodings, undefined characters will be disallowed and you will get a failed to convert character violation, even if some of the lower characters have the same encoding. However, if configured with ISO-8859-8 and receiving UTF-8 data, ASM will try to understand the stream both as ISO-8859-8 and if it fails, will also try UTF-8. IF you absolutely can't change the application language, is it possible to selectively disable the attack signature being triggered?

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

ASM: Wrong charset on policy, what's the impact ?

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

After upgrading from PeopleTools 8.59.11 to 8.61.11 F5 APM is not rewriting the internal URLs

F5 BIG IP laboratory license

F5 mssql health monitor failing

How can I get started with iCall

Connection Rest f5

Related Content

What is WAAP?

The End of ClientAuth EKU…Oh Mercy…What to do?

What's new in BIG-IP v21.0?

What Is BIG-IP?

What is Shape Security?

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS