ASM - Truncated and Blocked, why?
I'm trying to figure out why this particular request keeps getting blocked.
Normally when I see a block, above the request details, it gives some clue as to why exactly it was blocked. This one only shows the lowest-violation rating, nothing else, except "critical, blocked"
I'm not entirely sure what it means by "truncated". Does it mean that the request reached the F5 in a truncated state? Does it mean the UI truncated it when displaying it? Did it mean the F5 truncated it?
The strangest part is that the request is generated by a url which contains a string much like "http://example.com/?q=(%20foo%20)". Internal JavaScript causes this request to hit the server multiple times as %28%2520foo%2520%29 i.e., double-escaped %20, single-escape '(' this is the request that gets blocked.
When I change my request to "http://example.com/?q=%28%20foo%20%29", The internal JavaScript generates the longer even more bizzare: %2528%2520foo%2520%2529 which does not get blocked.
I'm a bit of a n00b here, any ideas?