WAF / ASM : Referer: android-app://com.google.android.gm - Evasion Technique detected

Question

Been seeing this Evasion Technique on the referer Header popping up in learning suggestions. I'm hesitant to follow the learning suggestion to Set Evasion Techniques Violations to disabled on the referer. The detected evasion technique is Multiple slashes, This seems like something Android is doing that might be breaking the HTTP spec, or if not, should I pester F5 to not detect this? Like I said, I'm hesitant to disable the Multiple slashes evasion technique outright,

Thanks for any feedback or insight!

leslie_hubertus · Answer

Hi&nbsp;SalC&nbsp;-&nbsp;I'm featuring your post in today's Community Highlights to boost the chances someone in the community will come by with an answer for you.&nbsp;

boneyard · Answer

Seems to happen for more people and was sort of an attack at some time, but then mainly for trailing slashes, is that also in your case?
I think what mainly matters is if that breaks funtionality on your website? Do you see traffic which feels legimate that triggers this alert? Because if not I would certainly not disable the alert. If it seems to be needed I would look into only disabling it in the cases needed.

Forum Discussion

WAF / ASM : Referer: android-app://com.google.android.gm - Evasion Technique detected

Recent Discussions

APM webtop customization header message

Installing a PKCS 12 File onto an F5 Device

Irule to allow specific IPs

Uploading SKCS 12 File to F5 Device

F5 not Identifying Parameter in Text/Plain Upload

Related Content

WAF evasion techniques for Command Injection

F5 Distributed Cloud Customer Edge on F5 rSeries – Reference Architecture

Cloud Docs - F5OS Technical Reference Materials

Customer Edge Site High Availability for Application Delivery - Reference Architecture

Mitigating new HTTP Request Smuggling techniques with BIG-IP ASM