Forum Discussion

Nimbostratus

Mar 13, 2017

Can I allow Buffer Overflow attack signatures in just an XML request?

The website has an upload page where people can submit receipts. The request looks like this: 4AAQSkD6RXhpZgAuocAAcAAAgMAAAAPgAAAAAc6gAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA...

Altostratus

Mar 30, 2017

Hi Scott,

I used this irule to unblock ASM for an URL:

when ASM_REQUEST_DONE {

if {[ASM::violation names] contains "ATTACK_TYPE_BUFFER_OVERFLOW" and (([string tolower [HTTP::uri]] contains "/yourURL"))} {

ASM::unblock

log local0. "ASM unblocking [HTTP::uri]" }

}

look this documentation:

ASM::unblock - https://devcentral.f5.com/wiki/irules.asm__unblock.ashx ASM::violation - https://devcentral.f5.com/wiki/irules.asm__violation.ashx ASM Violation names/tables - https://devcentral.f5.com/wiki/irules.asm__violation_data.ashx ASM_REQUEST_DONE - https://devcentral.f5.com/wiki/iRules.ASM_REQUEST_DONE.ashx HTTP::uri - https://devcentral.f5.com/wiki/iRules.HTTP__uri.ashx

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Can I allow Buffer Overflow attack signatures in just an XML request?

Recent Discussions

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

F5 Health Monitor Receive String as JSON

Background Tasks

SSL bridging without SSL proxy forward

Related Content

IIS 6.0 WebDAV Buffer Overflow

Distributed caching of authentication requests with NGINX Ingress Controller

Wildcard Parameter signature attack

BoT Defense Profile, Signature Enforcement

Live Update- ASM attack signatures

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS