Technical Forum
Ask questions. Discover Answers.
Showing results for 
Search instead for 
Did you mean: 

.well-known/assetlinks.json violation in ASM



I repeatedly fin .well-known/assetlinks.json violation on my ASM logs:

* illegal file type

* illegal URL length

* illegal Request length


URL/Request length bot set to 0, and this request is auto generated from our sites, can I have the best action to prevent this false positive from appearing in logs as violation, without affect other security sides like I can't allow json files to be available for users.




Community Manager
Community Manager

@MohammedHashayka - I see there is no response yet to your query. Have you found a solution or had any help here in the community or from F5 Support?

If not, I will see if I can find someone.

Maybe see an article I made long ago as you can turn off a particular violation that comes from the source IP addresses of your bots with an irules:

Also look at the json profile options but they are more for bypassing signatures but you may check if the URL is having an assigned JSON profile as well-known/assetlinks.json means that the data should be JSON so it may need to be set for a more better match:



See here for how to match the source ip and then stop the violation for that URL: