HTTP parser violation

Question

Hi
I am getting the above violation for a particular url as it exceeds the default url length of 2048 . Can i write a irule telling if that particular url is seen , then to unblock the traffic ? because the other option is to change the system variable which will impact the othe policies and i dont need that. Also i dnt want to uncheck the http parser violation blocking setting as well.
when ASM_REQUEST_DONE {

if { [HTTP::uri] contains "/abc" &amp;&amp; [ASM::violation attack_types] equals "ATTACK_TYPE_HTTP_PARSER_ATTACK" } {

ASM::unblock 
    }

romani_2788 · Answer

Hey Draco,
Yes, you are correct, this will be the way to go about it, and it seems you have the right  violation description. 
Matching that with the specific URL should give you the control that you need.&nbsp;

Forum Discussion

HTTP parser violation

Recent Discussions

Default retry time inband monitor

how to monitor the axfr master response

Http / https health monitor issue

I used the wrong email account when take Application Delivery Exam (101)

F5 looses the token for the first call

Related Content

JSON Web Token (JWT) Parser

Separating False Positives from Legitimate Violations

Rate limiting GraphQL API query using iRule and Advanced WAF Violation

(HTTP) Redirection via Arbitrary Host Header

The HTTP/2 CONTINUATION frame attack

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS