Forum Discussion
helenio
Nimbostratus
NimbostratusBypass "Bad unescape" in Body POST (ASM, POST, JSON)
Here the Block.
As you can see is "%" is detected without encoding meaning.
This is normal since the "%" is in the Body of the post as JSON data (see below)
Of course if I disable the "Bad unescape" in " Learning and Blocking Settings" it works, but my Goal is to bypass using rule on parameter or similar, till now without success.
Does anyone have a solution ?
======= JSON on POST Dody Request =======================
- zamroni777
Nacreous
"%" is opening tag for for asp and aspx server side scripts (dotnet)
https://asp.net-tutorials.com/basics/hello-world/if your app server is not using asp/asp.net,
ensure that asp* is not listed in the asm profile's server technology 
helenioReally appreciate the answer, thank you very much ...
I still have problem to understand how it work, here what I, Created a "URLs : Allowed URLs : Allowed HTTP URLs" for POST request and on Meta Character I Disallowed the "%" .
Now the request is not anymore blocket in term of "Bad unescape" but is allowed, and this is fine, but it looks that Meta Character control that is configure to block "%" (for test purpose) is not working.
Where I'm wrong, I thougth that we where able to control Json Body Characters in this way .. isn't ?
- helenio
Yes my need to permit "%" in bodyis now ok, but ...
As you can see isn't blocked (server send back answer), even if in Meta Character is selected as "Disallow", I'm expecting a Block page, my doubt is that maybe we have to work with parameters
Hi,
Make sure you enforce the newly created URI with POST method and disallowed %.
and make sure you enable this:also the policy in blocking mode
Hi,
By disallowing it like that, the request should be blocked if it contains "%" so you need to allow it, if it's false positive
Hi,
Have a look here, it's how to solve it using AWAF Microservices :
False Positive Bad Unescape BIG-IP ASM | DevCentral
Oryou can add a JSON content profile : https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-13-0-0/20.html
check the impacted URL >> create it explicitly >> enable meta characters.
