For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Dave_Burnett_20's avatar
Dave_Burnett_20
Icon for Nimbostratus rankNimbostratus
Nov 10, 2008

How to allow Search Engine Robots/Slurps through ASM?

We have recently installed a pair of F56400s (v9.4.3) in front of our website with ASM in blocking mode.     We are seeing and blocking loads of Non-RFC compliant request violations. Exami...
app sec
BIG-IP Access Policy Manager (APM)
security
dburnett_103851's avatar
dburnett_103851
Icon for Nimbostratus rankNimbostratus
Jan 22, 2009
Did what you suggested and opened a case with F5.

 

 

Their response was that turning off the 'Header Name with No Header Value' blocking did not give rise to any issues/risks to the website that they were aware of.

 

 

They pointed out that, within the HTTP Protocol Compliance section there are only 3 blocks that you should never turn off (Unparsable request content, Null in request and Several Content-Length headers)

 

 

I asked why, if there are no risks, is the Header Name with No Header Value block enabled by default after upgrading to 9.4.5. They haven't answered that one yet.

 

 

Anyway, the upshot of the matter is that I've turned off the block so that the slurps should now be getting through.