Preet_pk
Aug 22, 2021 Cirrus
Investigation/identification of WAF violations from archived F5 ASM security logs
Hi, in our infrastructure, F5 ASM application events are available only for 2 hrs; logs which are older than 2 hrs are getting purged out. Please let me know how to identify/investigate violati...
Preet_pk
Aug 22, 2021 Cirrus
Hi,
Please let me know how you figured it out. Can you help me with the steps to figure out the same?
- Daniel_Wolf Aug 22, 2021 MVP
I tried to find some way that the 39 made sense. I found K6998 and I exported one of my Security Policies to XML. There you will find something like:
<metachar character="0x22">disallow</metachar>
<metachar character="0x23">allow</metachar>
<metachar character="0x24">allow</metachar>
<metachar character="0x25">disallow</metachar>
<metachar character="0x26">allow</metachar>
<metachar character="0x27">allow</metachar>
On position 39 you will find 0x27. Now I knew the HEX and DEC representation of the character.
With this information I found the binary value and I could reverse it from the table in the RFC.
I tried a couple of other values to verify that my assumption is correct.
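Added example, not part of the thread and not Daniel_Wolf's own steps: a short Python script that reads `<metachar>` entries like the ones quoted above and resolves a decimal value such as 39 to its hex code, character and allow/disallow state. The `<metachars>` wrapper element, the function names and the extra codes 34 and 60 are assumptions made for the illustration; the enclosing element of a real policy export is not shown in the post.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the six <metachar> entries quoted in the post, wrapped in
# a hypothetical <metachars> root so the fragment parses on its own.
SAMPLE_EXPORT = """<metachars>
  <metachar character="0x22">disallow</metachar>
  <metachar character="0x23">allow</metachar>
  <metachar character="0x24">allow</metachar>
  <metachar character="0x25">disallow</metachar>
  <metachar character="0x26">allow</metachar>
  <metachar character="0x27">allow</metachar>
</metachars>"""


def load_metachars(xml_text):
    """Return {decimal code: 'allow' | 'disallow'} for every <metachar> entry."""
    table = {}
    for elem in ET.fromstring(xml_text).iter("metachar"):
        raw = elem.get("character", "")
        try:
            code = int(raw, 16)  # attribute is a hex string such as "0x27"
        except ValueError:
            continue  # skip entries whose attribute is missing or not valid hex
        table[code] = (elem.text or "").strip().lower()
    return table


def resolve(code, table):
    """Map a decimal code to its hex form, character and policy state."""
    char = chr(code) if 0x20 <= code < 0x7F else None  # printable ASCII only
    return {
        "dec": code,
        "hex": f"0x{code:02x}",
        "char": char,
        "state": table.get(code, "not in export"),
    }


if __name__ == "__main__":
    table = load_metachars(SAMPLE_EXPORT)
    # 39 is the value from the thread; 34 and 60 are constructed test inputs.
    for dec in (39, 34, 60):
        print(resolve(dec, table))
```

Codes that do not appear in the parsed fragment are reported as "not in export" rather than guessed.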