For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

kcb263's avatar
kcb263
Icon for Nimbostratus rankNimbostratus
Mar 02, 2012

Block all "HTTP Protocol Compliance - Unparsable request content" EXCEPT a Specific URL?

Is it possible to allow a specific URL to bypass a block of "Unparsable Request Content"?     When I went to Manual Policy Building > Traffic Learning > RFC Violations > HTTP Protocol complian...
app sec
BIG-IP Access Policy Manager (APM)
security
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Mar 06, 2012
You might be able to use an iRule to selectively block for this type of violation if the requested URI is not in a string data group of URIs to allow the violation on. The general idea is that you'd disable blocking for the violation but leave alarm enabled and then check the [ASM::violation_data] array in the ASM_REQUEST_VIOLATION event. I'm not sure whether the subviolation for unparsable request content has been added for ASM::violation_data though. Can you try testing this on a non-production virtual server?

 

 

First though, why is a client sending unparsable request content? Generally this means that the client is sending an improperly formatted request which breaks the HTTP RFCs. Are you able to change either the application or the client to fix this? That would be the ideal solution.

 

 

Aaron