Forum Discussion

Cirrostratus

Nov 07, 2019

Legitimate Traffic is Blocked at ASM Policy

Certain good traffic is blocked at ASM Policy. From the event Log i see as HTTP protocol compliance failed , due to HTTP Validation tagged with " Null in request" . HTTP POST shows %00 ( Bo...

Cirrostratus

Nov 08, 2019

Can you explain little bit more on this

"If you find this more concerning than globally allowing null bytes, then disabling the "null in request" violation would be the way to go."

Subrun

Cirrostratus

Nov 12, 2019

Thanks as of now for your reply. I am still trying to dig into it.

I am trying to understand refer to this K7931 and when we see "Null in Request" in our Event Log does this fall into below 2 criteria ?

Configuring the parameter with the NULL to use User-input value as the Parameter Value Type

Configuring the parameter with the NULL to use Ignore value as the Parameter Value Type

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Legitimate Traffic is Blocked at ASM Policy

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Dealing with iRule $variables for HTTP2 workload while HTTP MRF Router is enabled

APM webtop – problem with websockets for Serverside Blazor app

OWASP_Managed Issues

smtp port vs 25 and pool member 587

WebSocket connection to 'wss://...' failed: Invalid frame header

Related Content

F5 BOT DEFENSE AWAF blocked some legitimate browsers

Block traffic

Separating False Positives from Legitimate Violations

ASM flagging legitimate traffic as "most likely a threat"

Block IP after a number of ASM Blocks

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS