Forum Discussion

Nimbostratus

Feb 19, 2018

Hi

I was getting false postives on f5 asm with violation post content length is 0.I had disabled that violation under http compliance violation in blocking settings.but the request is still getting bloc...

Employee

Feb 20, 2018

First, if you disabled the violation for POST request with Content-Length: 0 then ASM should not be blocking any requests that contain a zero-length POST body. Make sure you click Save and Apply Policy after changing the blocking option. Second, the Content length should be a positive number violation is sort of related, in that it also checks the Content-Length header to ensure that it is at least 1. Either of these 0 values could indicate a response splitting attempt, or a denial of service attempt.

Recent Discussions

Content type hearder charset=UTF-8
Apr 28, 2024 stephen4f5
Web acceleration
Apr 28, 2024 KrishnaB
Create a CSR and Key using the BigIP LTM GUI when renewing a certificate
Apr 28, 2024 Danny_Arroyo
Enterprise Security best practices with F5 WAF
Apr 28, 2024 fahimfarookme
Disk space full - what files, folders are safe to delete?
Apr 28, 2024 rg-f5

Forum Discussion

Hi

Content type hearder charset=UTF-8

Web acceleration

Create a CSR and Key using the BigIP LTM GUI when renewing a certificate

Enterprise Security best practices with F5 WAF

Disk space full - what files, folders are safe to delete?