Rodolphe_AUBINE
Nimbostratus
Jun 24, 2010
How to bypass (header Referer) from policies controls
Hi,
Some clients come to our websites with a "Header: Referer" which is rejected by several signatures from ASM.
How can I disable ASM checks on this specific header?
Is it...
hoolio
Cirrostratus
Jun 24, 2010
Hi Rodolphe,
Unfortunately, ASM doesn't provide the ability to customize the policy enforcement by header name/value like you can with parameters. This would be a very useful feature as the Referer header often has many metacharacters I'd prefer not to allow for all headers and strings which match attack sigs that I wouldn't want to have to disable in the policy.
I've just ended up disabling any of the attack sigs which trigger false positives for the HTTP headers. I suppose you could try to do something clever with an iRule to sanitize the Referer header, but that might break the application.
You could open a case with F5 Support and ask them to consider adding a feature which would allow customization of the policy enforcement by header name.
Aaron