Dynamic URLs setting off illegal file type events. eg. https://site.com/email/jim@jim.com

Question

Hi Guys,&nbsp;
One of our applications dynamically passes text from an text box to the URL as the user types resulting in lots of illegal file type events. The text box allows users to enter an email address and as the user types, the app posts the data that is provided to check if the email is valid and if the email is already in use.&nbsp;
I have tried to create a wildcard allows url eg. /api/email/* expecting that this path would then be excluded from the ASM policy rules however even with this exclusion in place the ilelgal file types rule is still triggered for every character typed. For the moment I have set a wildcard file type which will allow any file type to be requested which is not ideal however it provides usability.&nbsp;
Any advice on rectifying this would be great. Thank you.&nbsp;

rob_carr · Answer

You could try bypassing ASM for the specific URL(s) in question, or having a separate policy for the specific URL(s).&nbsp;
Something similar was discussed here: Disable ASM on a specific URL&nbsp;

Forum Discussion

Dynamic URLs setting off illegal file type events. eg. https://site.com/email/jim@jim.com

Recent Discussions

Which process is consuming higher CPU

F5 Health Monitor Receive String as JSON

Background Tasks

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Related Content

JA4 Part 2: Detecting and Mitigating Based on Dynamic JA4 Reputation

Setting up persistence in F5 XC

Setting up BIG-IP with AWS CloudHSM

Improve BIG-IP APM VPN speed with TLS dynamic record size

Resolving DNS, and dynamically selecting pool

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS