GUID omission in request URL
Hello,
I use BIG-IP 14.1.2.7 with the ASM module. I have a URL in my system which includes a dynamic GUID as part of the URL. For example: “/api/user/9fa42455-7adc-4550-813d-53c1aed654a9/permissions”.
For some unknown reason, when I want to add it as an allowed URL in the ASM, the only way I managed to do that is to add the URL “/api/user//permissions” – It seems that the ASM ignores the GUID and I have to use double-slash between “user” and “permissions”. It is also recognized that way (without the GUID) in the title of the request log, although the GUID does appear inside the request tab, together with all the request details. I prefer adding a wildcard URL but the ASM does not recognize it as matching to the request URL, so it does not work.
I have a second BIG-IP instance with s similar policy and in this second instance the same URL is recognized as expected, and I managed to add valid wildcard to approve it. Therefore, I believe that the omission of the GUID in the first BIG-IP instance is some configuration, but I did not manage to find it. Also, it seems that this behavior is specific to GUIDs – any other string between “user” and “permissions” is recognized normally.
How can I configure the BIG-IP to recognize the GUID as GUID and not as an empty string so I can use a wildcard URL?
Thanks
can it be the "Dynamic Session ID in URL" setting on the advanced security policy settings which is different between the policies?
https://support.f5.com/csp/article/K6756