hooleylist
Mar 06, 2012 | Cirrostratus
You might be able to use an iRule to selectively block for this type of violation if the requested URI is not in a string data group of URIs to allow the violation on. The general idea is that you'd disable blocking for the violation but leave alarm enabled and then check the [ASM::violation_data] array in the ASM_REQUEST_VIOLATION event. I'm not sure whether the subviolation for unparsable request content has been added for ASM::violation_data though. Can you try testing this on a non-production virtual server?
First though, why is a client sending unparsable request content? Generally this means that the client is sending an improperly formatted request which breaks the HTTP RFCs. Are you able to change either the application or the client to fix this? That would be the ideal solution.
Aaron
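
A sketch of the iRule described in the post above, as an added example that is not part of the original post and is not F5's code. It assumes the violation is set to alarm only in the ASM policy, so the iRule makes the blocking decision. The data group name `asm_unparsable_allow_uris` and the violation name `VIOLATION_NAME_PLACEHOLDER` are placeholders, and both the violation string and whether `reject` is accepted in this event on your version should be confirmed on a non-production virtual server.

```tcl
# Added example. asm_unparsable_allow_uris is a hypothetical string data group
# holding the exact URI paths on which the violation is tolerated.
when HTTP_REQUEST {
    # Save the path (no query string) so the ASM event can use it later.
    set req_path [string tolower [HTTP::path]]
}

when ASM_REQUEST_VIOLATION {
    # ASM::violation_data returns a list: violation, support_id,
    # web_application, severity, source_ip, attack_type, request_status.
    set vdata      [ASM::violation_data]
    set violations [lindex $vdata 0]
    set support_id [lindex $vdata 1]

    # Log every violation string first: the post is unsure whether the
    # sub-violation for unparsable request content is exposed here at all.
    log local0.info "ASM violation=$violations support_id=$support_id path=$req_path"

    # Placeholder: replace with the string seen in the log line above.
    if { $violations contains "VIOLATION_NAME_PLACEHOLDER" } {
        if { [class match $req_path equals asm_unparsable_allow_uris] } {
            # Listed URI: the policy has already alarmed, let the request through.
            log local0.notice "Allowing violation on listed path $req_path (support_id $support_id)"
        } else {
            # Any other URI: enforce in the iRule, since policy blocking is off.
            # Assumption: reject is permitted in this event on your version.
            log local0.warning "Blocking violation on $req_path (support_id $support_id)"
            reject
        }
    }
}
```

Exact-match entries keep the exemption narrow; every path added to the data group is a place where the malformed requests reach the application unblocked.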