Forum Discussion

ALFONSO_SANTIA1's avatar
ALFONSO_SANTIA1
Icon for Nimbostratus rankNimbostratus
Sep 19, 2019

F5 ASM file upload with Arabic content not allowed

We are currently running on version 13.1.1.2. We have an F5 cluster on the internal and another on external (DMZ).

We have browser based applications used for file uploads to the server. Back end servers are the same for the internal VIPs and external VIPs.

File uploads to the internal VIP have no issues. This is why the applications were published externally.

Our issue now is that when users upload a file with Arabic content on the file (be it .pdf, .doc, image, etc.). The ASM is blocking it. There is no Support ID on user side but only Web Exception message. File uploads with plain English are allowed.

This is happening even if the asm policy is transparent. We have to totally remove the Security policy from the VIP so file upload with Arabic content can be allowed. The event log show different violations. Even if we accept suggestion or do the mitigation, the violation is still there if a file with Arabic content is uploaded.

We have even exported the security policy from the internal F5 and imported it into the external F5 but still the issue is there.

This was working last week. This is happening to all published applications on the external F5.

The only difference is that the external cluster have the latest ASM attack signatures. We tried to revert the ASM attack signatures to match the internal F5 but still it did not work.

 

There is an open F5 case but it is taking time for F5 to resolve. I

  • Can you please confirm the application encoding Method[UTF-8 or UTF-16]?

     

    If possible paste the ASM error name to help you on better way or Past the HTTP Request components. Hide the URL/URI part...