Forum Discussion
kcb263
Mar 02, 2012Nimbostratus
Block all "HTTP Protocol Compliance - Unparsable request content" EXCEPT a Specific URL?
Is it possible to allow a specific URL to bypass a block of "Unparsable Request Content"? When I went to Manual Policy Building > Traffic Learning > RFC Violations > HTTP Protocol complian...
hoolio
Mar 06, 2012Cirrostratus
You might be able to use an iRule to selectively block for this type of violation if the requested URI is not in a string data group of URIs to allow the violation on. The general idea is that you'd disable blocking for the violation but leave alarm enabled and then check the [ASM::violation_data] array in the ASM_REQUEST_VIOLATION event. I'm not sure whether the subviolation for unparsable request content has been added for ASM::violation_data though. Can you try testing this on a non-production virtual server?
First though, why is a client sending unparsable request content? Generally this means that the client is sending an improperly formatted request which breaks the HTTP RFCs. Are you able to change either the application or the client to fix this? That would be the ideal solution.
Aaron
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects