We have an APM policy with an portal application where users upload files, we see randomly internal server 500 errors appearing during several file uploads. We are checking if this could be caused by ASM and try to bypass URLs that contain upload however it seems that the bypass is not being performed as it is not being hit on that particular virtual server but on client side we confirm that the client is requesting this URL.
These URL are always rewritten on F5 with an identifier in the URL something like https://hostname/F5identifier/upload and body payload contains the file.
So actually two questions
What could be causing this internal_server error?
Why isnt the ASM policy being bypassed, perhaps because APM portal APP has preference (internal F5 processing)?