Forum Discussion

aali86
Sep 21, 2023

Looking for help for creating Dynamic content value in ASM

Hi Team

I am currently seeing a violation detected for the following parameter, for example. I am still trying to create a dynamic content value in the WAF, but it doesn't work. Can you please give a suggestion or an example for creating a DCV?

ctl00_ContentPlaceHoldserContent_RecommendationDetailwweq_Recommendation_RecommendationHissstory_ctrlList_GridView_clientSdstatess

  • It's not as easy as we usually think. You need to review the pattern for the last 2 weeks and then apply a regex.

    Hope it will be fun.

  • f51

    Creating a Dynamic Content Value (DCV) in a Web Application Firewall (WAF) like F5 ASM is a crucial step in ensuring that your application is secure from threats. The violation you're encountering may be due to incorrect parameter configuration, or the parameter might be misbehaving in a way that is unexpected by your security policy. The parameter you have given is a complex one, and it's quite possible that it's dynamic in nature. You can create a DCV for this parameter to tell F5 ASM that it's expected to change. Here's an example of how to do this using your parameter:
    1. Log in to your F5 ASM user interface.
    2. Navigate to "Security" > "Application Security" > "Policy Building" > "Dynamic Parameters".
    3. Click "Create" to open the "New Dynamic Parameter" page.
    4. Enter the parameter name as "ctl00_ContentPlaceHoldserContent_RecommendationDetailwweq_Recommendation_RecommendationHissstory_ctrlList_GridView_clientSdstatess".
    5. Choose the method for which the parameter will be dynamic. This could be "POST", "GET", or "Any Method". You'll need to know how this parameter is being used in your application.
    6. Specify the "Parameter Location" in the HTTP request, which could be the "Request Body", "URL Query String", or "Any".
    7. If the value of the parameter is case sensitive, select "Yes" for "Is Value Case Sensitive".
    8. Under "Pattern Recognition", you may choose "Always" dynamic as this parameter is likely to change often. If there's a specific pattern to the changes, you could use "Dynamic if Matches Pattern" and specify that pattern.
    9. Click "Finished" to create your dynamic parameter.
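
Added example, not part of any reply in this thread and not F5's code: a simplified Python model of a dynamic content value check, where a request value is accepted only if the server issued it earlier in a response for the same session. It shows why an extraction pattern chosen without reviewing real values produces a violation on legitimate traffic. The hidden-field HTML, the sample values, the session ids and all function names are constructed assumptions; only the parameter name comes from the question.

```python
import re
from collections import defaultdict

# Parameter name taken from the question above.
PARAM = ("ctl00_ContentPlaceHoldserContent_RecommendationDetailwweq_"
         "Recommendation_RecommendationHissstory_ctrlList_GridView_clientSdstatess")

# Constructed server response: the application issues the value in a hidden field.
RESPONSE = (
    '<form method="post">'
    f'<input type="hidden" name="{PARAM}" value="eyJzb3J0IjoiYXNjIn0=" />'
    '</form>'
)

def extraction_pattern(value_regex):
    """Build a regex that captures the value the server issued for PARAM."""
    return re.compile(
        r'name="' + re.escape(PARAM) + r'"\s+value="(' + value_regex + r')"'
    )

class DynamicValueTracker:
    """Remembers, per session, which values the server handed out."""

    def __init__(self, pattern):
        self.pattern = pattern
        self.issued = defaultdict(set)

    def learn(self, session_id, response_body):
        found = self.pattern.findall(response_body)
        self.issued[session_id].update(found)
        return found

    def check(self, session_id, request_value):
        """True if the request returns a value issued to this session."""
        return request_value in self.issued[session_id]

def run(value_regex, session_id, request_value):
    tracker = DynamicValueTracker(extraction_pattern(value_regex))
    learned = tracker.learn(session_id, RESPONSE)
    return learned, tracker.check(session_id, request_value)

if __name__ == "__main__":
    # Pattern guessed without reviewing traffic: digits only, so nothing is learned.
    print(run(r"\d+", "s1", "eyJzb3J0IjoiYXNjIn0="))
    # Pattern derived from observed values (base64 alphabet): the value is learned.
    print(run(r"[A-Za-z0-9+/=]+", "s1", "eyJzb3J0IjoiYXNjIn0="))
    # A value the server never issued is still rejected.
    print(run(r"[A-Za-z0-9+/=]+", "s1", "eyJzb3J0IjoiZGVzYyJ9"))
```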

  • aali86 - If your post was solved, it would be helpful to the community to select Accept As Solution.
    Thanks for joining and being part of our community.

  • When I played with importing a swagger/openapi file that had free-form (swagger/openapi calls it a free-form object) query parameters, F5 in the background made a parameter that uses a JSON profile and can have different names like test* and specific values. Maybe see if that helps.

    F5 AWAF/ASM support for wildcard url and parameter... - DevCentral

    Solved: Define allowed character in ASM for JSON parameter - DevCentral (f5.com)

    Arbitrary query parameter names? · Issue #2622 · OAI/OpenAPI-Specification · GitHub