Forum Discussion

daniel_hicks_17's avatar
daniel_hicks_17
Icon for Nimbostratus rankNimbostratus
Jan 07, 2016

Parameter length in ASM when protecting APM

Hello,

 

I'm having issues setting parameter lengths in an ASM policy protecting an application that is protected by APM.

 

For example in the below request for the parameter IsGroup the ASM is evaluating the value as True;F5_origin=a2e646f6d61696e instead of just True so instead of being a length of 4 the length is generating an ASM violation.

 

POST /f5-w-a2e646f6d61696e$$/Reporting/Deposits/Customers?CustomerHierarchyKey=1&ReportFrom=11%2F30%2F2014%2000%3A00%3A00&ReportTo=12%2F29%2F2015%2000%3A00%3A00&Wildcard=Exact&CentreID=0&IsGroup=True;F5_origin=a2e646f6d61696e&F5CH=I HTTP/1.1

 

Any thoughts would be gladly received.

 

2 Replies

  • BinaryCanary_19's avatar
    BinaryCanary_19
    Historic F5 Account

    I think the ASM is interpreting it correctly. Parameters are delimited by "&", not by ";". You may need to fix what is generating those parameters so it uses "&" instead of ";". Is it APM doing this? I can't help much on the APM aspect.

     

  • Thanks, yes it's APM adding the ";F5_origin" bit. The easy work around is to make the parameter lengths longer, I thought I'd post and see if someone had some experience of this and could suggest some alternative solutions.