Forum Discussion

Altostratus

Jun 12, 2019

HTTP Compliance Exception

We have implemented ASM recently and one request was blocked because of content length being 0. Checked with application team and as per them that shouldn't be blocked. Is there a way to exclude a UR...

MVP

Jun 12, 2019

It seems to be a global setting. I couldn't find a way within the configuration utility to make an exception. But you could use an iRule to create an exception. See the iRule below.

when ASM_REQUEST_DONE {
  set uri [HTTP::uri]
  foreach violation [ASM::violation names] {
      if { $uri starts_with "/login.php" && [ASM::violation count] < 2 } {
          if { [matchclass [ASM::violation attack_types] equals "ATTACK_TYPE_HTTP_REQUEST_SMUGGLING_ATTACK"] } {
              log local0. "Violation $violation detected for URI $uri, but allowed anyway."
              ASM::unblock
          }
      } else {
          # More than one violation, too dangerous to Unblock
          return
      }
  }
}

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

HTTP Compliance Exception

Recent Discussions

NAT for specific IPs

Upgrading BIGIP 2000S to R2600

TS Declarations for DNS

how to view list os client support via cli

automatic learning logs/report ?

Related Content

DoFirepassLogin (0xfffff82e) EXCEPTION

HTTP protocol compliance failed

https end to end

how to Redirect http to https exception any host

Selective mutual authentication by HTTP::Host

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS