Forum Discussion

Nimbostratus

Mar 13, 2017

Can I allow Buffer Overflow attack signatures in just an XML request?

The website has an upload page where people can submit receipts. The request looks like this: 4AAQSkD6RXhpZgAuocAAcAAAgMAAAAPgAAAAAc6gAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA...

Altostratus

Mar 30, 2017

Hi Scott,

I used this irule to unblock ASM for an URL:

when ASM_REQUEST_DONE {

if {[ASM::violation names] contains "ATTACK_TYPE_BUFFER_OVERFLOW" and (([string tolower [HTTP::uri]] contains "/yourURL"))} {

ASM::unblock

log local0. "ASM unblocking [HTTP::uri]" }

}

look this documentation:

ASM::unblock - https://devcentral.f5.com/wiki/irules.asm__unblock.ashx ASM::violation - https://devcentral.f5.com/wiki/irules.asm__violation.ashx ASM Violation names/tables - https://devcentral.f5.com/wiki/irules.asm__violation_data.ashx ASM_REQUEST_DONE - https://devcentral.f5.com/wiki/iRules.ASM_REQUEST_DONE.ashx HTTP::uri - https://devcentral.f5.com/wiki/iRules.HTTP__uri.ashx

Forum Discussion

Can I allow Buffer Overflow attack signatures in just an XML request?

Recent Discussions

iRule command to allow IP range to access specific URL

When user goes through LB the server page has stripped information

HIGHLY RECOMMENDED LOST CRYPTOCURRENCY RECOVERY SERVICE/ DIGITAL TECH GUARD RECOEVRY

Help with an I-rule rewrite

When adding new GTM(DNS) to the existing group, if software version is not same, what will happen?

Related Content

Bot Signature based on the referer header

Customized Bot Signature not working

Default Attack Signature Sets

attack Signature detected but i can not find keyword inside request

Mitigating log4j (CVE-2021-44228) with AFM Protocol Inspection Custom Signatures