draco
Feb 28, 2018Nimbostratus
HTTP parser violation
Hi
I am getting the above violation for a particular url as it exceeds the default url length of 2048 . Can i write a irule telling if that particular url is seen , then to unblock the traffic ? because the other option is to change the system variable which will impact the othe policies and i dont need that. Also i dnt want to uncheck the http parser violation blocking setting as well.
when ASM_REQUEST_DONE {
if { [HTTP::uri] contains "/abc" && [ASM::violation attack_types] equals "ATTACK_TYPE_HTTP_PARSER_ATTACK" } {
ASM::unblock
}