F5 ASM file upload with Arabic content not allowed
We are currently running on version 13.1.1.2. We have an F5 cluster on the internal and another on external (DMZ). We have browser based applications used for file uploads to the server. Back end servers are the same for the internal VIPs and external VIPs. File uploads to the internal VIP have no issues. This is why the applications were published externally. Our issue now is that when users upload a file with Arabic content on the file (be it .pdf, .doc, image, etc.). The ASM is blocking it. There is no Support ID on user side but only Web Exception message. File uploads with plain English are allowed. This is happening even if the asm policy is transparent. We have to totally remove the Security policy from the VIP so file upload with Arabic content can be allowed. The event log show different violations. Even if we accept suggestion or do the mitigation, the violation is still there if a file with Arabic content is uploaded. We have even exported the security policy from the internal F5 and imported it into the external F5 but still the issue is there. This was working last week. This is happening to all published applications on the external F5. The only difference is that the external cluster have the latest ASM attack signatures. We tried to revert the ASM attack signatures to match the internal F5 but still it did not work. There is an open F5 case but it is taking time for F5 to resolve. I
Why ASM counts the parameter length incorrectly
Good morning, I have an ASM policy with Unicode (utf-8) as application language. I noticed that ASM multiplys the Arabic characters in the parameters by two. That means if I have a word of 7 Arabic characters It counted 14. This triggers the alarm as the max length of the parameter is 10. I have BIG-IP v11.6.0 Build 4.111.420 Engineering Hotfix HF4. Could it be a bug in this version? Or is just a mistake I did?