cancel
Showing results for 
Search instead for 
Did you mean: 

ASM detecting violations "top" "time" within HTTP cookies

Its_not_the_F5
Nimbostratus
Nimbostratus

Hello Dev Central community,

I have a question about ASM triggering violations for known attack signatures for execution attempts based on keywords "top", "time", "source", etc. and how to properly handle these false positives.

 

These keywords appear within the HTTP cookie, where some URI paths include "top" and other unix/linux commands.

 

Aside from disabling this ASM violation from the security policy - is there a way to have the F5 ASM ignore these parameters?

3 REPLIES 3

Lidev
MVP
MVP

Hello,

 

You can overide specific attack signature in Security ›› Application Security : Headers : Cookies List ›› Edit Cookie.

 

0691T000009jjsoQAA.png

Thanks Lidev! Appreciate the response. I'll edit the cookie list.

Your welcome, if my answer was helpful, please don't forget to mark the answer as "Select as Best" in order to pass you post as resolved and help others peoples to find it.