Bypass the character for Evasion technique Detected violation
Hi, I need help to bypass or allow %", character which has triggered the Detection violation(Bad unescape) in JSON POST Data. This is legitimate request and i don't see this request on learning suggestion. I am able to find with the help support ID provided by user under the event logs.
ASM Policy in "Blocking" Mode switch to "Transparent" for some IP's
I have a policy that I need to switch to blocking but the business want to have a phased approach. Only the testing team should be in Blocking, while the rest of the business (a different IP range) remains in transparent. I need to keep the same policy so that I can "proof" that everything is running fine. Is there a method to do that ? Was thinking about an iRule but dont know how. I know how to disable ASM with an iRule but, that's something I don't want because I need to keep the learning suggestions. Bye St.
Cookie Violation - Expired TimeStamp.
Dear Team, I am usually facing an issue with (Cookie Violation-ExpiredTimeStamp), the TS cookies keep are expired always and trigger this violation. I am not sure if i am doing the configurations in the proper way so i need a help how and what is proper way to configure the protection? I mean is there is a relation between the real server session cookie and ASM cookie and how i can avoid the issue which always alarming the violation? it is a general question not specific to any case. Regards, Muhannad
increasing ASM system variable ecard_max_http_req_uri_len
Has anyone needed to increase the ASM system variable ecard_max_http_req_uri_len in a production envinronment? ecard_max_http_req_uri_len 2048 bytes Defines a maximum URI length that the system can support in its internal buffers. If this number is higher (more permissive) than the internal URI-length limit defined per file type, the internal file-type limit is the actual limit. Exceeding this internal limit triggers the HTTP protocol compliance failed violation. If so, how large did you make it?
Bot protection "Browser Verification" results/experience
I am just wondering what everyones user experience has been with "Browser Verification" when enabling anything other than then the defaults via any Bot Protection profile. For instance if I have Browser Verification set to anything other then "Challenge Free Verification" in our Sharepoint environments, "funky" things will happen such as users getting bot error/reference ID page when attempting to sign out or or an EXTREME amount of false positives occur and user traffic is impacted. In environments with older Java based apps, it will cause some browsers to automatically sign out when clicking any link in the web application after login (as if cookie persistence is blocked). I have gone back and forth with F5 in almost all my attempts to enable this future (as browser fingerprinting is something we really would like to utilize) but we just cant get it working in most cases (even with work arounds such as single page application or enable a DOS profile in transparent mode). Is something like Device ID+ the solution for all of my problems? https://www.f5.com/products/security/shape-security/f5-device-idplusUnparsable request content - which security tradeoff ?
Hello all, I am facing a violation for URL length exceeding the default ASM (2048) value. Options to deal with this seems to be : increasing the whole system variable value of 2048 Disable the HTTP compliance check "Unparsable request content" that implies removal of several others HTTP checks for the whole policy. Disabling ASM for the specified URI What do you think that would be the best security tradeoff ? Having no ASM at all for an URI, or releasing some HTTP checks on the whole policy ? or increasing default system value and then increasing ASM load. thanks a lot for any thoughtNo CAPTCHA - URL is not yet qualified for challenge injection
Hi, I am setting up Brute Force protection in ASM and have noted that I can get this drop traffic and alert, but when attempting to show the CAPTCHA, I only get the blocking page we have configured. The help notes that this occurs when theURL is not yet qualified for challenge injection, but the help also provides no details how to correct this. Can anyone assist? Assuming ASM policy: PolicyX and url: /LoginHere.aspx Thank you
