Forum Discussion

Scott123456789's avatar
Jan 11, 2021
Solved

ASM flagging legitimate traffic as "most likely a threat"

I'm fairly new to managing ASM and I'm learning on the fly. In this case, the protected application is a Jira instance. Most traffic that ASM has blocked for this application so far has been a single...
  • Scott123456789's avatar
    Jan 14, 2021

    According to F5 support, the problem was that ASM was trying to parse the attachment being uploaded. This is the job of anti-virus, not ASM. The solution was to create an allowed URL exception in the policy for this type of content.

     

    This instructs ASM to not inspect the BODY of the request:

     

    - Browse to: Security ›› Application Security : URLs : Allowed URLs : Allowed HTTP URLs

    - make sure to 'select' the correct policy

     

    - click 'Create' (for New Allowed URL)

     

    - change view to 'Advanced'.

    - Specify the URL (Explicit, [HTTPS] /rest/internal/2/AttachTemporaryFile)

    - uncheck staging

     

    - click on 'Header-Based Content Profile':

     Request Header Name: Content-Type

     Request Header Value: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet   

     Request body handling: Do nothing

     click 'Add'.

     move it up the list

     

    - click 'Create'.

     - Apply Policy