Forum Discussion

Nimbostratus

Mar 02, 2012

Block all "HTTP Protocol Compliance - Unparsable request content" EXCEPT a Specific URL?

Is it possible to allow a specific URL to bypass a block of "Unparsable Request Content"? When I went to Manual Policy Building > Traffic Learning > RFC Violations > HTTP Protocol complian...

Cirrostratus

Mar 06, 2012

You might be able to use an iRule to selectively block for this type of violation if the requested URI is not in a string data group of URIs to allow the violation on. The general idea is that you'd disable blocking for the violation but leave alarm enabled and then check the [ASM::violation_data] array in the ASM_REQUEST_VIOLATION event. I'm not sure whether the subviolation for unparsable request content has been added for ASM::violation_data though. Can you try testing this on a non-production virtual server?

First though, why is a client sending unparsable request content? Generally this means that the client is sending an improperly formatted request which breaks the HTTP RFCs. Are you able to change either the application or the client to fix this? That would be the ideal solution.

Aaron

Forum Discussion

Block all "HTTP Protocol Compliance - Unparsable request content" EXCEPT a Specific URL?

Recent Discussions

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

Related Content

exclude HTTP::header value Content-Type] equals "text/xml; charset=utf-8" from SSL redirect

Decoding PCI-DSS v4.0: F5's Ridiculously Easy Guide to Technical Compliance

F5 BIG-IP Advanced WAF: OWASP Top 10 Application Security Risks 2021 Compliance Dashboard

Making WAF Simple: Introducing the OWASP Compliance Dashboard

"Content Switching" to non-addressable virtual server