I repeatedly fin .well-known/assetlinks.json violation on my ASM logs:
* illegal file type
* illegal URL length
* illegal Request length
URL/Request length bot set to 0, and this request is auto generated from our sites, can I have the best action to prevent this false positive from appearing in logs as violation, without affect other security sides like I can't allow json files to be available for users.
Maybe see an article I made long ago as you can turn off a particular violation that comes from the source IP addresses of your bots with an irules:
Also look at the json profile options but they are more for bypassing signatures but you may check if the URL is having an assigned JSON profile as well-known/assetlinks.json means that the data should be JSON so it may need to be set for a more better match:
See here for how to match the source ip and then stop the violation for that URL: