Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

TsukiAzuma's avatar
TsukiAzuma
Icon for Altostratus rankAltostratus
Dec 12, 2022

How to tuning policy WAF F5 for Command Execution

I have a problem with policy WAF F5 WAF F5 block request when method is POST and payload have "vi" character But user login, request will block because method POST and "vi" character (in language: ...
application delivery
event
security
ragunath154's avatar
ragunath154
Icon for Cirrostratus rankCirrostratus
Dec 13, 2022

you can add the language header in the header allow list and disable the signature triggering the vi - command violation only to this header name.

TsukiAzuma's avatar
TsukiAzuma
Icon for Altostratus rankAltostratus
Dec 13, 2022

Thank you for your advice

But in request contain many "vi" character. It look like:

POST /login HTTP/1.1\r\nConnection: upgrade\r\nHost: xxx\r\nX-Real-IP: xxx\r\nX-Forwarded-For: xxx, xxx\r\nX-Nginx-Proxy: true\r\nContent-Length: 675\r\ncache-control: max-age=0\r\nupgrade-insecure-requests: 1\r\norigin: xxx\r\ncontent-type: application/x-www-form-urlencoded\r\nuser-agent: Mozilla/5.0 (Linux; U; Android 12; vi-vn; CPH2043 Build/SP1A.210812.016) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.88 Mobile Safari/537.36 HeyTapBrowser/45.9.0.1\r\naccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\r\nsec-fetch-site: same-origin\r\nsec-fetch-mode: navigate\r\nsec-fetch-user: ?1\r\nsec-fetch-dest: document\r\nreferer: xxx?type=cn\r\naccept-encoding: gzip, deflate, br\r\naccept-language: vi-VN,vi;q=0.9,en-US;q=0.8,en;q=0.7\r\ncookie: xxx