Forum Discussion

Akber_Mirza_128
Oct 29, 2013

Not able to attach DOC/excel in F5 ver 11.3 ASM Blocking mode

Hello,

I am not able to attach DOC/excel in F5 ver 11.3 ASM Blocking mode.

My Requirement: When I uncheck the Block option from the below parameter I am able to attach even xip, exe extn, and when I check the Block option for below parameters it is blocking DOC/word as well.

Please provide the necessary help!

 

Following are the error details:

Null in multi-part parameter value Error Yes Yes Yes

 

General Information
Requested URL: [HTTPS] /owa/
Security Policy: Exchange_httpclass
Source IP Address: 86.98.49.x:61018
Source IP Address Intelligence: N/A
Destination IP Address: 192.168.1.xx:443
Geolocation: United Arab Emirates
Time: 2013-10-29 08:58:16
Request Status: Blocked, Truncated
Severity: Error
Response Status Code: N/A
Attack Types: Buffer Overflow
Username: N/A
Session ID: 62d1860c911c432b

Attack Types
Buffer Overflow
Buffer Overflow could be triggered when data written to memory exceeds the allocated size of the buffer for that data. This could lead to the Denial of Service or arbitrary code execution.

Violations
Null in multi-part parameter value
Description
The system checks that the multi-part request has a parameter value that does not contain the NULL character (0x00). If a multipart parameter with binary content type contains NULL in its value, the enforcer issues this violation. The exceptions to this are:
- If that parameter is configured in the policy as "Ignore value".
- If that parameter is configured in the security policy as "user-input file upload".
- If the parameter has a content-type that contains the string 'XML' and the parameter value contains a valid UTF16 encoded XML document (the encoding is valid). In this case NULL is allowed as it is part of the UTF16 encoding.
Details
Parameter Level: Global

 

Regards, Akber Mirza.
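Added example (not part of the original post and not F5 code): a simplified Python model of the check described in the violation text above, showing why a legacy .doc/.xls part contains 0x00 and how the three listed exceptions clear it. The policy labels `ignore_value` and `file_upload`, the boundary `XB` and the sample request are constructed for illustration, and the model flags any part containing 0x00 rather than modelling "binary content type".

```python
# Simplified model of the check quoted above; not F5 code, sample data is constructed.
import re

def parse_multipart(body: bytes, boundary: bytes):
    """Yield (name, content_type, value) for each part of a multipart/form-data body."""
    for chunk in body.split(b"--" + boundary)[1:]:
        if chunk.startswith(b"--"):  # closing delimiter "--boundary--"
            break
        head, _, value = chunk[2:].partition(b"\r\n\r\n")  # drop CRLF after delimiter
        name = re.search(rb'[;\s]name="([^"]*)"', head)
        ctype = re.search(rb"(?im)^content-type:\s*([^\r\n;]+)", head)
        yield (name.group(1).decode() if name else "",
               ctype.group(1).decode().strip() if ctype else "text/plain",
               value[:-2] if value.endswith(b"\r\n") else value)

def is_utf16_text(value: bytes) -> bool:
    """True if the value decodes cleanly as UTF-16 and looks like markup."""
    try:
        return value.decode("utf-16").lstrip().startswith("<")
    except UnicodeDecodeError:
        return False

def null_violations(body: bytes, boundary: bytes, policy: dict) -> list:
    """Names of parameters whose value contains 0x00 and matches no exception."""
    hits = []
    for name, ctype, value in parse_multipart(body, boundary):
        if b"\x00" not in value:
            continue
        if policy.get(name) in ("ignore_value", "file_upload"):
            continue  # exceptions 1 and 2 from the description
        if "xml" in ctype.lower() and is_utf16_text(value):
            continue  # exception 3: NULs belong to the UTF-16 encoding
        hits.append(name)
    return hits

def part(name, ctype, value, filename=None):
    disp = f'form-data; name="{name}"' + (f'; filename="{filename}"' if filename else "")
    return (b"--XB\r\nContent-Disposition: " + disp.encode() + b"\r\nContent-Type: "
            + ctype.encode() + b"\r\n\r\n" + value + b"\r\n")

# Legacy .doc/.xls (OLE2) files start with this magic followed by a zeroed CLSID.
OLE2 = bytes.fromhex("d0cf11e0a1b11ae1") + b"\x00" * 16
SAMPLE = (part("subject", "text/plain", b"Q3 report")
          + part("attachment", "application/msword", OLE2, "report.doc")
          + part("meta", "text/xml", "<a>ok</a>".encode("utf-16")) + b"--XB--\r\n")

if __name__ == "__main__":
    print(null_violations(SAMPLE, b"XB", {}))                             # attachment flagged
    print(null_violations(SAMPLE, b"XB", {"attachment": "file_upload"}))  # nothing flagged
```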

 

3 Replies

  • Hello Team,

     

    Please suggest if the issue can be resolved by changing Request Buffer size from 10000 Bytes to 17000 Bytes.

     

    Regards, Akber Mirza.

     

  • nathe

    akber,

     

    I'm not too sure that will resolve your issue. Looks like the block is "Null in multi-part parameter value". If you check your policy settings the block column will be blocked. You could uncheck this? Else I'd check the Learn column for this, test a block and then go to the Policy Building, Manual, Traffic Learning bit of the GUI. This will offer a learning suggestion on how to allow it.

     

    Hope this helps,

     

    N

     

  • Hello Akber, Did you succeed in having ASM allowing such upload? Thank you for your update. Sincerely Eric-Marie