I repeatedly fin .well-known/assetlinks.json violation on my ASM logs:
* illegal file type
* illegal URL length
* illegal Request length
URL/Request length bot set to 0, and this request is auto generated from our sites, can I have the best action to prevent this false positive from appearing in logs as violation, without affect other security sides like I can't allow json files to be available for users.
@MohammedHashayka - I see there is no response yet to your query. Have you found a solution or had any help here in the community or from F5 Support?
If not, I will see if I can find someone.
12-Jul-2022 09:09 - edited 12-Jul-2022 09:19
Maybe see an article I made long ago as you can turn off a particular violation that comes from the source IP addresses of your bots with an irules:
Also look at the json profile options but they are more for bypassing signatures but you may check if the URL is having an assigned JSON profile as well-known/assetlinks.json means that the data should be JSON so it may need to be set for a more better match:
See here for how to match the source ip and then stop the violation for that URL: