Parameter length in ASM when protecting APM

Question

Hello,&nbsp;
I'm having issues setting parameter lengths in an ASM policy protecting an application that is protected by APM.&nbsp;
For example in the below request for the parameter IsGroup the ASM is evaluating the value as True;F5_origin=a2e646f6d61696e instead of just True so instead of being a length of 4 the length is generating an ASM violation.&nbsp;
POST /f5-w-a2e646f6d61696e$$/Reporting/Deposits/Customers?CustomerHierarchyKey=1&amp;ReportFrom=11%2F30%2F2014%2000%3A00%3A00&amp;ReportTo=12%2F29%2F2015%2000%3A00%3A00&amp;Wildcard=Exact&amp;CentreID=0&amp;IsGroup=True;F5_origin=a2e646f6d61696e&amp;F5CH=I HTTP/1.1&nbsp;
Any thoughts would be gladly received.&nbsp;

binarycanary_19 · Answer

I think the ASM is interpreting it correctly. Parameters are delimited by "&", not by ";". You may need to fix what is generating those parameters so it uses "&" instead of ";". Is it APM doing this? I can't help much on the APM aspect.

daniel_hicks_17 · Answer

Thanks, yes it's APM adding the ";F5_origin" bit. The easy work around is to make the parameter lengths longer, I thought I'd post and see if someone had some experience of this and could suggest some alternative solutions.

Forum Discussion

Parameter length in ASM when protecting APM

Recent Discussions

ip x-forwarding

F5 ASM API-Protection Policy

ports are showing open on online scanning tool

Upgrade F5 BIGIP

DNS HM Probe issue

Related Content

Brute Force protection for single parameter like OTP

L7 DoS Protection with NGINX App Protect DoS

Beyond REST: Protecting GraphQL

Managing NGINX App Protect WAF for Beginners

Cookie-based DDoS protection

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS