Evasion Techniques Blocking -Multiple decoding

Question

Evasion Techniques Blocking -Multiple decoding&nbsp;
We are getting genuine traffic blocked by ASM with the reason of possible Evasion Technique(Multiple Decoding).&nbsp;
We changed decoding passes from default to 5. Still it blocking.
Is there way to allow genuine traffic? 
What is the risk if we disable url normalization? or disable multidecoding viloation?
what is the correct process?&nbsp;
Many Thanks!&nbsp;

kash_276820 · Answer

Any answers please?&nbsp;

samstep · Answer

Examples of your requests which get blocked? difficult to understand what is going on without an example. This rule is known to produce false positives when % character is used, for example in password fields. In such cases % character can be allowed on specific parameter (e.g. password) as an excpetion without making policy less secure. If you disable the rule hackers can easily hide their attacks by encoding the payloads&nbsp;

Forum Discussion

Evasion Techniques Blocking -Multiple decoding

2 Replies

AppWorld Berlin 2026 – iRules Contest Winning Results

One Quick Step to Make your website AI-Agent/MCP Ready with an iRule

IPv8 Would Fix My Routing Tables. It Will Never Ship.

Recent Discussions

Errors with AS3 3.56.0 with F5 17.5.1.6

F5 ASM/AWAF – violations logged but no learning suggestions generated

F5 VELOS Backplane Inter-Tenants Communication

migrate from serie I to R. Cluster LTM-GTM

Best Practice guide for enabling Attack signature In BIG-IP ASM

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS