Hi @all, its me again :-) Today, i am looking for a way to deactivate the CC check only for POST requests - is this possible? My first idea was, to do this via an iRule - if a POST requests, than switch to another V-Server with a different ASM policy, but i am not sure is this a good way Thanks Bjoern

Hi Bjoern, I can't really see the value in only applying the attack signature to response content for non-POST requests. Chances are the only vulnerability within an application which would lead to credit cards being leaked in response content would be from POST requests. So why would you want to disable the check for POST requests and not all requests? If you do want to do this an iRule and second policy would be an option. You could use the 'HTTP::class select' command (Click here) to select a second HTTP class for POST requests. Note the second HTTP class must also be added to the virtual server in order to select it using HTTP::class. Selecting a second virtual server would work, but unnecessarily add the need for a second virtual server. Aaron

Hi Bjoern, Like Hoolio said, most of the vulnerabilities today on the web are within POST requests, can you please share with us why would you want to do something like that?

Hi, reason is, that in the reporting, the POST requests which include CC data is marked as "Information Leakage Detected". thanks Bjoern

Hi, Are you sure that the website doesn't really leak credit cards numbers? ASM validates that the string of numbers is actually a real credit card using a special algorithm. Which ASM version you are using? 9.X or 10.x?

we using BIG-IP 9.4.6 Build 401.0 Final. In this POST request, a customer send his CC data to buy something - the data he gets back is coded with stars Here is a log extract - no, this CC is not real :-) ----Log----- Full Request POST /cgi-bin/payment.dll HTTP/1.1 Content-Length: 244 Content-Type: application/x-www-form-urlencoded Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Accept-Language: de-de Cookie: webshop=cmVzZXJ2YXRpb25fZHVyYXRpb249MTI0NzEzNDgxNDc0NyZnaWZ0d3JhcHBlcl9mb3JtYXR0ZWQ9MCUyQzAwJnNoaXBwaW5nPTUuOTAmdG90YWw9MTc0LjEwJmN1cnJlbmN5X3N5bWJvbD0lMjZldXJvJTNCJmNvdXBvbl9mb3JtYXR0ZWQ9MCUyQzAwJnRpY2tldHByaWNlPTE2OC4yMCZpbnN1cmFuY2VfZm9ybWF0dGVkPTAlMkMwMCZpZD1FVkU3NjAxMzEyNDcxMzMxMDFYJnRpY2tldHByaWNlX2Zvcm1hdHRlZD0xNjglMkMyMCZwcmljZT0xNjguMjAmY3VycmVuY3lfY29kZT1FVVImc2hpcHBpbmdfZm9ybWF0dGVkPTUlMkM5MCZ0b3RhbF9mb3JtYXR0ZWQ9MTc0JTJDMTAmcmFuZG9tPTc2MDEzJmluc3VyYW5jZT0wLjAwJnByaWNlX2Zvcm1hdHRlZD0xNjglMkMyMCZnaWZ0d3JhcHBlcj0wLjAwJmFtb3VudD0yJmNvdXBvbj0wLjAwJm1lcmtpdGVtcz0wJnJlZmVyZXI9aHR0cCUzQSUyRiUyRnN0YWdpbmcuZXZlbnRpbS5kZSUyRmNnaS1iaW4lMkZ0aW5mby5kbGwlM0ZhZmZpbGlhdGUlM0RldmU=; HAHAHA+Deutschland_time=04045; CTG=1247133160; WSS_GW=V1z%BC@%B@riQ; s_nr=1247128127629; TSb9eef2=3f02746cdc4e67515cea09c98b1dccc048635239d4b8ba714a55bdc9; CP=null* Referer: https://staging.testland.ha/cgi-bin/customer.dll User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11 X-Akamai-CONFIG-LOG-DETAIL: true TE: chunked;q=1.0 Connection: TE Akamai-Origin-Hop: 1 Via: 4.0 asi_server, 1.0 akamai.net(ghost) (AkamaiGHost) Accept-ESI: 1.0 X-Forwarded-For: 127.0.0.1 Host: myhost.test.nowhere Pragma: no-cache Cache-Control: no-cache, max-age=0 Connection: keep-alive Number: 88.79.247.30 akamaisession: candidate Letter: second X-Forwarded-For: 88.221.4.9 &action=payment&errordoc=globalError&kreditkarteInhaber=Fred%20Test&sent.y=0&sent.x=0&kreditkarteNummer=6677880000000004&sent=sent&affiliate=EVE&zahlungsart=2&kkMonth=02&kkYear=2012&fun=customer&nextdoc=summary&doc=payment&kreditkarteCvc=123 + - Response Response not found Referrer Object No records to display. Cookie Name Cookie Value Reason Parameter Name=Value Parameter Violations Parameter Level No records to display. XML Violation XML Buffer Description No records to display. Signature Name Signature ID Learn Alarm Block Context No records to display. Evasion Technique Detected Context No records to display. Pattern Context Credit Card NumberkarteNummer" value="6677880000000004" /> HTTP Protocol Compliance Support IDTime 170052960248913480132009-07-09 11:53:21

Disable CC data for POST requests

Forum Discussion

Recent Discussions

Errors with AS3 3.56.0 with F5 17.5.1.6
May 10, 2026
Juergen_Mang
F5 ASM/AWAF – violations logged but no learning suggestions generated
May 09, 2026
A_hassanein
F5 VELOS Backplane Inter-Tenants Communication
May 09, 2026
Saad_Deif
migrate from serie I to R. Cluster LTM-GTM
May 09, 2026
SuppEsp_AX
Best Practice guide for enabling Attack signature In BIG-IP ASM
May 09, 2026
Mohammed_87

Forum Discussion

AppWorld Berlin 2026 – iRules Contest Winning Results

One Quick Step to Make your website AI-Agent/MCP Ready with an iRule

IPv8 Would Fix My Routing Tables. It Will Never Ship.

Recent Discussions

Errors with AS3 3.56.0 with F5 17.5.1.6

F5 ASM/AWAF – violations logged but no learning suggestions generated

F5 VELOS Backplane Inter-Tenants Communication

migrate from serie I to R. Cluster LTM-GTM

Best Practice guide for enabling Attack signature In BIG-IP ASM

Related Content

Working with JSON data in iRules - Part 2

Working with JSON data in iRules - Part 1

HTTP Request Smuggling Using Chunk Extensions (CVE-2025-55315)

Intermediate iRules: Data-Groups

Accelerating AI Data Delivery with F5 BIG-IP