cancel
Showing results for 
Search instead for 
Did you mean: 

.well-known/assetlinks.json violation in ASM

MohammedHashayka
Nimbostratus
Nimbostratus

Dears, 

I repeatedly fin .well-known/assetlinks.json violation on my ASM logs:

* illegal file type

* illegal URL length

* illegal Request length

 

URL/Request length bot set to 0, and this request is auto generated from our sites, can I have the best action to prevent this false positive from appearing in logs as violation, without affect other security sides like I can't allow json files to be available for users.

 

Regards;

2 REPLIES 2

LiefZimmerman
Community Manager
Community Manager

@MohammedHashayka - I see there is no response yet to your query. Have you found a solution or had any help here in the community or from F5 Support?

If not, I will see if I can find someone.

------
Lief ZimmermanLiefZimmerman | @LiefZF5 | DevCentral Community Manager

Maybe see an article I made long ago as you can turn off a particular violation that comes from the source IP addresses of your bots with an irules:

 

https://community.f5.com/t5/technical-forum/knowledge-sharing-f5-asm-advanced-waf-options-for-granua...

Also look at the json profile options but they are more for bypassing signatures but you may check if the URL is having an assigned JSON profile as well-known/assetlinks.json means that the data should be JSON so it may need to be set for a more better match:

 

https://techdocs.f5.com/en-us/bigip-15-0-0/big-ip-asm-implementations/adding-json-support-to-an-exis...

 

 

See here for how to match the source ip and then stop the violation for that URL:

 

https://community.f5.com/t5/technical-forum/whitelisting-inboud-subnet-range-in-f5-using-irule/td-p/...