Another issue I'm having is ASM is triggering violations of file uploads done via a json playload (SharePoint 2016 files bigger than 100MB)
ASM is inspecting the payload and finding lots of forbidden stuff. And this driving users nuts 🙂
I read about the json profiles. I'm running V13 and I will be testing the url/parameters configurations/exclusions in the ASM policy but if you guys have any feedback on this that would speed thing up for me.
You might be able to create an allowed URL exception in the policy for uploaded JSON content by creating an allowed URL and then not inspecting body content. Try this:
Go to Security ›› Application Security : URLs : Allowed URLs : Allowed HTTP URLs and create/add the URL that is associated with the uploaded JSON data. This is will be your allowed URL.
Change the view to Advanced, then uncheck the Staging checkbox.
Click Header-Based Content Profile
Request Header Name: Content-Type
Request Header Value: json/text--the value appropriate for your app
