Forum Discussion
no signature id in blocked request and no accept button available
Hi everyone, I have an issue with F5 logging. I have a request that is blocked, but no attack signature ID is available in the request log. The attack type is path traversal and the Violation Rating is "Request is most likely a false positive". I have attached a screenshot below:
- Simon_Blakely
Employee
Path Traversal is an Evasion technique, not an Attack Signature.
Security ›› Application Security : Policy Building : Learning and Blocking Settings
Evasion Technique detected
- david_berg_3177
Nimbostratus
Thank you for your response. The request log hasn't specified (in the header or POST payload) where directory traversal has been detected. How can I find it?
- Simon_Blakely
Employee
Directory Traversal can only occur in the URI Path (i.e. /../../ or similar).
- david_berg_3177
Nimbostratus
But there is no directory traversal in the URI:
POST /Module/Template/Item/DataItem.aspx?SiteId=d358f6f2-0g23b-4be0-857e-a11b763fb7bd&WebpartId=e02541c7-eccf-4d96-8bf2-ac352bfa367 HTTP/1.1
There is no violation name available above the URL in the request log and I can't determine which violation has occurred. See screenshot below:
- Simon_Blakely
Employee
Is the POST content a multipart form or file upload?
File upload elements can have paths as well.
You will probably get a better result by raising a support ticket with F5, so the engineer can review the actual violation and policy.
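An added example, not part of the original thread and not F5's detection logic: a small triage helper that reports whether a `..` path segment appears in the URI path or in a multipart `filename` of a captured request, the two places raised in the replies above. The host, boundary and upload filename in the sample are constructed; only the request path comes from the thread.

```python
import re
from urllib.parse import unquote, urlsplit

# A ".." path segment bounded by "/" or "\" (or the ends of the string).
DOTDOT = re.compile(r'(^|[\\/])\.\.([\\/]|$)')

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded %252e%252e is reduced to '..'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_traversal(raw_request):
    """Return (location, raw_value) pairs where a '..' segment is present."""
    head, _, body = raw_request.partition("\r\n\r\n")
    target = head.split("\r\n", 1)[0].split(" ")[1]   # request-target
    hits = []
    path = urlsplit(target).path                      # query string excluded
    if DOTDOT.search(decode_fully(path)):
        hits.append(("uri-path", path))
    # filename="..." in the Content-Disposition header of each multipart part
    for name in re.findall(r'filename="([^"]*)"', body, flags=re.I):
        if DOTDOT.search(decode_fully(name)):
            hits.append(("multipart-filename", name))
    return hits

# Constructed sample: request path from the thread, invented upload part.
SAMPLE = (
    "POST /Module/Template/Item/DataItem.aspx?SiteId=EXAMPLE HTTP/1.1\r\n"
    "Host: app.example\r\n"
    "Content-Type: multipart/form-data; boundary=XYZ\r\n"
    "\r\n"
    "--XYZ\r\n"
    'Content-Disposition: form-data; name="upload"; '
    'filename="..\\..\\docs\\report.docx"\r\n'
    "\r\n"
    "file bytes\r\n"
    "--XYZ--\r\n"
)

if __name__ == "__main__":
    for location, value in find_traversal(SAMPLE):
        print(location, value)
```

On the sample, the URI path is clean and the only hit is the upload part's filename, which is the situation the multipart question above is probing for.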
- david_berg_3177
Nimbostratus
OK. Thank you for your response.