For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

MSZ's avatar
MSZ
Icon for Nimbostratus rankNimbostratus
Apr 19, 2016

Illegal URL Length - with URL extension

GET /XXXXX/login.js/login.js/login.js/login.js/login.js/login.js/login.js/login.js/login.js/login.js/login.js/common/logout.jsp?key=8096710438270224331&st=435a4a112d2d0692934e31b7ebe00e4e&KY1=02cba16...
ASM Advanced WAF
BIG-IP
security
Hannes_Rapp's avatar
Hannes_Rapp
Icon for Nimbostratus rankNimbostratus
Apr 19, 2016

Check your max URL length setting: 

Application Security -> File Types -> Allowed File Types

It's either 

.jsp
or 
*
File Type that matches for this request. Increase the URL length value as needed.

This should solve your problem.

  • MSZ's avatar
    MSZ
    Icon for Nimbostratus rankNimbostratus
    Apr 19, 2016
    Kindly check the header /XXXXX/login.js/login.js/login.js/login.js/login.js/login.js/login.js/login.js/login.js/login.js/login.js/common/logout.jsp? It looks suspicious. It is application error but please tell why it is occurred?
  • Hannes_Rapp's avatar
    Hannes_Rapp
    Icon for Nimbostratus rankNimbostratus
    Apr 19, 2016
    That you must check with your application team. Why do you think the error has anything to do with F5? If you want to suppress the ASM violation for such requests, modify the setting I mentioned. Other than that, investigate for root cause in the application. Cannot help you further with that.
  • MSZ's avatar
    MSZ
    Icon for Nimbostratus rankNimbostratus
    Apr 21, 2016
    I would like to know that what thing in application make such requests. Repeated characters in URL
  • Valentine_96813's avatar
    Valentine_96813
    Icon for Nimbostratus rankNimbostratus
    Apr 21, 2016
    What was the block in ASM? It should tell you everything you need to fix this.