smalex
Jun 12, 2019

HTTP Compliance Exception

We have implemented ASM recently, and one request was blocked because of the content length being 0. We checked with the application team and, as per them, that shouldn't be blocked. Is there a way to exclude a URL from this check, or is it only global? Please suggest.

9 Replies

  • It seems to be a global setting. I couldn't find a way within the configuration utility to make an exception. But you could use an iRule to create an exception. See the iRule below.

    when ASM_REQUEST_DONE {
      set uri [HTTP::uri]
      foreach violation [ASM::violation names] {
          if { $uri starts_with "/login.php" && [ASM::violation count] < 2 } {
              if { [matchclass [ASM::violation attack_types] equals "ATTACK_TYPE_HTTP_REQUEST_SMUGGLING_ATTACK"] } {
                  log local0. "Violation $violation detected for URI $uri, but allowed anyway."
                  ASM::unblock
              }
          } else {
              # More than one violation, too dangerous to Unblock
              return
          }
      }
    }
  • Thank you for your guidance. Would this have any performance impact?

    What is violation count? Is it occurrences within a time frame?

    Can you share attack type codes so that I can reuse code for other compliance blocks as well?

    Thanks in advance.

  • Every iRule would have some kind of impact on performance, but I can't tell you what the impact will be. If you want to find out, take a look at this article: https://devcentral.f5.com/s/articles/irules-optimization-101-05-evaluating-irule-performance

    The violation count returns the number of violations found in the request. One HTTP request could trigger multiple violations. So if more violations are triggered for the same request, you'll probably want to block this and investigate the issue.

    For a list of attack codes, see this link: https://clouddocs.f5.com/api/irules/ASM__violation_data.html

    It's also good to know that the configuration utility gives hints on what to look for. See the example below.

    • Something like this:

      when ASM_REQUEST_DONE {
        set uri [HTTP::uri]
        foreach violation [ASM::violation names] {
            if { $uri starts_with "/login.php" && [ASM::violation count] < 2 } {
                foreach attack [ASM::violation attack_types] {
                    switch $attack {
                        "ATTACK_TYPE_HTTP_REQUEST_SMUGGLING_ATTACK" -
                        "ATTACK_TYPE_HTTP_PARSER_ATTACK" {
                            log local0. "Violation: $violation and attack: $attack detected for URI $uri, but allowed anyway."
                            ASM::unblock
                        }
                    }
                }
            } else {
                # More than one violation, too dangerous to Unblock
                return
            }
        }
      }

      BTW, this is the way to test with curl if you want to send an empty HTTP header:

      curl -v http://10.23.98.101/login.php -H "If-None-Match;"

      • Niels_van_Sluis

        Did you enable the 'Trigger ASM iRule Events' in your security policy? It's in the advanced settings.