For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Rahulve's avatar
Rahulve
Icon for Nimbostratus rankNimbostratus
Sep 11, 2019

Bypass the character for Evasion technique Detected violation

Hi, I need help to bypass or allow %", character which has triggered the Detection violation(Bad unescape) in JSON POST Data. This is legitimate request and i don't see this request on learning sugg...
ASM Advanced WAF
Bad unescape violation technique.
security
youssef1's avatar
youssef1
Icon for Cumulonimbus rankCumulonimbus
Sep 11, 2019

Hi,

 

Easy was, create an URL where the violation is trigged:

 

Security ›› Application Security : URLs : Allowed URLs : Allowed HTTP URLs ›› New Allowed HTTP URL... (explicit).

 

Then create parameter needed where the violation is trigged (In the URL created before):

 

 

Then allow % in this parameter.

 

Don't forget to apply policies.

 

Let me know if it's clear for you.

 

regards

Rahulve's avatar
Rahulve
Icon for Nimbostratus rankNimbostratus
Sep 11, 2019

This error appeared for JSON Content not on the uRL . we already have wildcard parameter with % allowed in user-input.