cancel
Showing results for 
Search instead for 
Did you mean: 

BIGIP ASM Json File Upload Violations

JoeTheFifth
Altostratus
Altostratus

Hi Guys,

 

Another issue I'm having is ASM is triggering violations of file uploads done via a json playload (SharePoint 2016 files bigger than 100MB)

ASM is inspecting the payload and finding lots of forbidden stuff. And this driving users nuts 🙂

I read about the json profiles. I'm running V13 and I will be testing the url/parameters configurations/exclusions in the ASM policy but if you guys have any feedback on this that would speed thing up for me.

 

Cheers !

1 REPLY 1

Erik_Novak
F5 Employee
F5 Employee

You might be able to create an allowed URL exception in the policy for uploaded JSON content by creating an allowed URL and then not inspecting body content. Try this:

 

  1. Go to Security ›› Application Security : URLs : Allowed URLs : Allowed HTTP URLs and create/add the URL that is associated with the uploaded JSON data. This is will be your allowed URL.
  2. Change the view to Advanced, then uncheck the Staging checkbox.
  3. Click Header-Based Content Profile
  4. Request Header Name: Content-Type
  5. Request Header Value: json/text--the value appropriate for your app
  6. Request body handling: Do nothing.

 

Does that help?