Forum Discussion

Cirrus

May 22, 2019

Referrals being blocked due to "Illegal File Type" violations

Hi,

we have web app that will begin receiving referrals. The referral ids can include a variety of characters including a full stop (.). At the moment, the asm policy treats anything after the last full stop (.) as a new file type. All requests will be similar to:

https://www.something.com/&siteid=blahblah.xhjkaaa.3432ff

We don't want to turn off the illegal file type checks as this is keeping a lot of noise out of the server logs eg. scanners looking for php. Is there a way that we can allow such URLs are https://www.something.com/&siteid=blahblah.xhjkaaa.3432ff to be loaded without flagging the illegal file type checks? They will all include "siteid"

Note, I did use a means of unblocking these requests in ASM however the business was not comfortable with the unblocking solution and would prefer to allow them through rather than blocking and unblocking.

Thank you.

No RepliesBe the first to reply

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Referrals being blocked due to "Illegal File Type" violations

Recent Discussions

Statistics ›› Analytics : HTTP : Overview

VS FORWARDING & ROUTE

Diameter iRules attachment?

Source IP F5 DNS Zone Forwarder

F5 BIG-IP

Related Content

Allow support of Grant Type "Client Credentials"

Separating False Positives from Legitimate Violations

Rate limiting GraphQL API query using iRule and Advanced WAF Violation

exclude HTTP::header value Content-Type] equals "text/xml; charset=utf-8" from SSL redirect

How can I add an "Illegal Header" in the Advanced WAF.

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS