Forum Discussion

Nimbostratus

Sep 14, 2021

Drop request by body message

Hi, how can I block request for specific policy filtered by specific body message. For example this is body message (URL decoded): {"messageType":"Erro","messageVersion":"2.1.0","th...

ASM Advanced WAF

security

Tomislav

Nimbostratus

Sep 15, 2021

I have created new attack signature.

I have set type as request, added system technologies, attack type.

Under rule Matched Element is Request Content, Contains String, under Keyword.... valuecontent:"Invalid JSON. Value null of type org.json.JSONObject$1 cannot be converted to JSONObject"; jsononly;

Match case is checked and Accuracy and Risk is set to Low,

This attack signature is added to signature set which is bind to policy. Policy changes are applied.

Yet it does not seem to drop the request, in SIEM tool we can see request:

request_status="passed",response_code="200"

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Drop request by body message

Recent Discussions

Reporting Help Needed

Switch ssl profile based on weak cipher detection via IRULE

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

full-proxy HTTP2

Related Content

FIX Message Response

How do I drop traffic on ASM?

Bug ID 878641: "TLS1.3 certificate request message does not contain CAs" not fixed?

response message be processed by SSLO again?

Logging of DNS Requests and Responses without a DNS license

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS