Forum Discussion

Cirrus

Jun 26, 2019

Unparsable request content - which security tradeoff ?

Hello all, I am facing a violation for URL length exceeding the default ASM (2048) value. Options to deal with this seems to be : increasing the whole system variable value of 2048 Disable ...

MVP

Feb 01, 2024

Hi Aurel and santoshmashetti ,

The best security tradeoff is to define this URI(s) in ASM Microservices and disable HTTP compliance check under this URI only.

Look at here for more details :

https://techdocs.f5.com/en-us/bigip-14-1-0/big-ip-asm-implementations-14-1-0/working-with-bigip-security-policy-microservices.html

doing this narrow the attack service for your device and provide an optimal tradeoff for your policy.
But make sure this length is valid in the violation is a false positive.

Thanks

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Unparsable request content - which security tradeoff ?

Recent Discussions

Background Tasks

Which process is consuming higher CPU

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Client SSL Profile set to Require Client Certificate breaks RDP in APM

Related Content

F5 Security Podcasts

Adaptive Apps: Replicate & deploy WAF application security policies across F5's security portfolio

Auditing Security Policy Updates

My Security+ Certification Journey

Certifications for security professionals

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS