F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

draco's avatar
draco
Icon for Nimbostratus rankNimbostratus
Feb 18, 2018

Hi

I was getting false postives on f5 asm with violation post content length is 0.I had disabled that violation under http compliance violation in blocking settings.but the request is still getting bloc...
application delivery
ASM Advanced WAF
BIG-IP
security
Erik_Novak's avatar
Erik_Novak
Icon for Employee rankEmployee
Feb 20, 2018

First, if you disabled the violation for POST request with Content-Length: 0 then ASM should not be blocking any requests that contain a zero-length POST body. Make sure you click Save and Apply Policy after changing the blocking option. Second, the Content length should be a positive number violation is sort of related, in that it also checks the Content-Length header to ensure that it is at least 1. Either of these 0 values could indicate a response splitting attempt, or a denial of service attempt.