Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

ASM detecting violations "top" "time" within HTTP cookies

Its_not_the_F5
Nimbostratus
Nimbostratus

‎19-Nov-2020 08:52

Hello Dev Central community,

I have a question about ASM triggering violations for known attack signatures for execution attempts based on keywords "top", "time", "source", etc. and how to properly handle these false positives.

 

These keywords appear within the HTTP cookie, where some URI paths include "top" and other unix/linux commands.

 

Aside from disabling this ASM violation from the security policy - is there a way to have the F5 ASM ignore these parameters?

Labels:
0 Kudos
3 REPLIES 3

Lidev
MVP
MVP

‎19-Nov-2020 09:02

Hello,

 

You can overide specific attack signature in Security ›› Application Security : Headers : Cookies List ›› Edit Cookie.

 

0691T000009jjsoQAA.png

0 Kudos

Its_not_the_F5
Nimbostratus
Nimbostratus
In response to Lidev

‎19-Nov-2020 09:38

Thanks Lidev! Appreciate the response. I'll edit the cookie list.

0 Kudos

Lidev
MVP
MVP
In response to Its_not_the_F5

‎20-Nov-2020 01:07

Your welcome, if my answer was helpful, please don't forget to mark the answer as "Select as Best" in order to pass you post as resolved and help others peoples to find it.

0 Kudos
Copyright © 2023 Khoros, LLC