Forum Discussion

THE_BLUE's avatar
THE_BLUE
Icon for Cirrostratus rankCirrostratus
Apr 21, 2021

ASM -ATTACK SIGNTURE

From where ASM bring the below ?

Detected Keyword 8a_iVR18tOx=h[=u4DLfu[Am2cl058%<?iw`TR>s4B.4=3,b#B39bF,YAf>d2NS

 

when I'm trying to upload document in portal ex: .docx , I face block with attack signature detect

 

  • with file uploads through ASM, it always needs to define a explicit "file upload parameter" for a upload link. If not done, ASM will detect lot of false positives when it parse the attachement (e.g. images, pdf or docs).

     

    Plesae go through the below article and create necessary upload parameter.

     

    https://devcentral.f5.com/s/articles/file-uploads-and-asm

  • with file uploads through ASM, it always needs to define a explicit "file upload parameter" for a upload link. If not done, ASM will detect lot of false positives when it parse the attachement (e.g. images, pdf or docs).

     

    Plesae go through the below article and create necessary upload parameter.

     

    https://devcentral.f5.com/s/articles/file-uploads-and-asm

    • THE_BLUE's avatar
      THE_BLUE
      Icon for Cirrostratus rankCirrostratus

      in V15 , even if you choose Data Type to be File upload , the attack signture tab will still exist. Shall we have to disable attack check from file upload parameter?

  • which attack signature that blocked you and if you are sure that it is normal application behaviour you can allow it under matched parameter.

     

    check this article to Configuring attack signatures for a parameter

     

    https://support.f5.com/csp/article/K79544554