For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

MSZ's avatar
MSZ
Icon for Nimbostratus rankNimbostratus
Apr 19, 2016

Illegal URL Length - with URL extension

GET /XXXXX/login.js/login.js/login.js/login.js/login.js/login.js/login.js/login.js/login.js/login.js/login.js/common/logout.jsp?key=8096710438270224331&st=435a4a112d2d0692934e31b7ebe00e4e&KY1=02cba160 HTTP/1.1 Host: online.abc.com Referer: https://online.abc.com/XXXXX/common/logout_redirect.jsp?key=-1691352645243715963&st=435a4a112d2d0692934e31b7ebe00e4e&KY1=02cba160 Accept-Encoding: gzip, deflate Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: ar Connection: keep-alive DNT: 1 User-Agent: Mozilla/5.0 (iPad; CPU OS 9_0_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13A404 Safari/601.1

 

Do anyone face this blocked on F5 WAF? Why this happened?

 

ASM Advanced WAF
BIG-IP
security

10 Replies

  • Hannes_Rapp's avatar
    Hannes_Rapp
    Icon for Nimbostratus rankNimbostratus
    Apr 19, 2016

    Check your max URL length setting: 

    Application Security -> File Types -> Allowed File Types

    It's either 

    .jsp
    or 
    *
    File Type that matches for this request. Increase the URL length value as needed.

    This should solve your problem.

    • MSZ's avatar
      MSZ
      Icon for Nimbostratus rankNimbostratus
      Apr 19, 2016
      Kindly check the header /XXXXX/login.js/login.js/login.js/login.js/login.js/login.js/login.js/login.js/login.js/login.js/login.js/common/logout.jsp? It looks suspicious. It is application error but please tell why it is occurred?
    • Hannes_Rapp's avatar
      Hannes_Rapp
      Icon for Nimbostratus rankNimbostratus
      Apr 19, 2016
      That you must check with your application team. Why do you think the error has anything to do with F5? If you want to suppress the ASM violation for such requests, modify the setting I mentioned. Other than that, investigate for root cause in the application. Cannot help you further with that.
    • MSZ's avatar
      MSZ
      Icon for Nimbostratus rankNimbostratus
      Apr 21, 2016
      I would like to know that what thing in application make such requests. Repeated characters in URL
  • Hannes_Rapp_162's avatar
    Hannes_Rapp_162
    Icon for Nacreous rankNacreous
    Apr 19, 2016

    Check your max URL length setting: 

    Application Security -> File Types -> Allowed File Types

    It's either 

    .jsp
    or 
    *
    File Type that matches for this request. Increase the URL length value as needed.

    This should solve your problem.

    • MSZ's avatar
      MSZ
      Icon for Nimbostratus rankNimbostratus
      Apr 19, 2016
      Kindly check the header /XXXXX/login.js/login.js/login.js/login.js/login.js/login.js/login.js/login.js/login.js/login.js/login.js/common/logout.jsp? It looks suspicious. It is application error but please tell why it is occurred?
    • Hannes_Rapp_162's avatar
      Hannes_Rapp_162
      Icon for Nacreous rankNacreous
      Apr 19, 2016
      That you must check with your application team. Why do you think the error has anything to do with F5? If you want to suppress the ASM violation for such requests, modify the setting I mentioned. Other than that, investigate for root cause in the application. Cannot help you further with that.
    • MSZ's avatar
      MSZ
      Icon for Nimbostratus rankNimbostratus
      Apr 21, 2016
      I would like to know that what thing in application make such requests. Repeated characters in URL