Forum Discussion
HTTP parser violation
Hi
I am getting the above violation for a particular url as it exceeds the default url length of 2048 . Can i write a irule telling if that particular url is seen , then to unblock the traffic ? because the other option is to change the system variable which will impact the othe policies and i dont need that. Also i dnt want to uncheck the http parser violation blocking setting as well.
when ASM_REQUEST_DONE {
if { [HTTP::uri] contains "/abc" && [ASM::violation attack_types] equals "ATTACK_TYPE_HTTP_PARSER_ATTACK" } {
ASM::unblock
}
- Romani_2788Historic F5 Account
Hey Draco, Yes, you are correct, this will be the way to go about it, and it seems you have the right violation description. Matching that with the specific URL should give you the control that you need.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com