F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

natethegreat_23's avatar
natethegreat_23
Icon for Nimbostratus rankNimbostratus
Mar 13, 2017

Can I allow Buffer Overflow attack signatures in just an XML request?

The website has an upload page where people can submit receipts. The request looks like this: 4AAQSkD6RXhpZgAuocAAcAAAgMAAAAPgAAAAAc6gAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA...
ASM Advanced WAF
security
xml
Gerlan_32355's avatar
Gerlan_32355
Icon for Altostratus rankAltostratus
Mar 30, 2017

Hi Scott,

 

I used this irule to unblock ASM for an URL:

 

when ASM_REQUEST_DONE {

 

if {[ASM::violation names] contains "ATTACK_TYPE_BUFFER_OVERFLOW" and (([string tolower [HTTP::uri]] contains "/yourURL"))} {

 

ASM::unblock

 

log local0. "ASM unblocking [HTTP::uri]" }

 

}

 

look this documentation:

 

ASM::unblock - https://devcentral.f5.com/wiki/irules.asm__unblock.ashx ASM::violation - https://devcentral.f5.com/wiki/irules.asm__violation.ashx ASM Violation names/tables - https://devcentral.f5.com/wiki/irules.asm__violation_data.ashx ASM_REQUEST_DONE - https://devcentral.f5.com/wiki/iRules.ASM_REQUEST_DONE.ashx HTTP::uri - https://devcentral.f5.com/wiki/iRules.HTTP__uri.ashx