Forum Discussion
ryan_hamdi
Nimbostratus
NimbostratusFalse Positive Bad Unescape BIG-IP ASM
I am encountering an issue where user input containing a percentage sign (%) causes the WAF to block the request with the error message "Bad Unescape". How can I resolve this issue while ignoring...
Hi Ryan,
while this is a negative security violation i.e ( User Unescape ) , you can use policy microservice which enables you to allow [Evasion Technique / HTTP compliance ] False positives under specific resource such as URI.
First ask the server owner >>> if this an expected to receive % from the clients and this is the nature of the application, if so I have simulated it in a demo for you , try it.
This violation will be only disabled under /register path whereas it will be triggered for any other resources under test.com.
Check that and let me know ...