It seems to be a global setting. I couldn't find a way within the configuration utility to make an exception. But you could use an iRule to create an exception. See the iRule below.
when ASM_REQUEST_DONE {
set uri [HTTP::uri]
foreach violation [ASM::violation names] {
if { $uri starts_with "/login.php" && [ASM::violation count] < 2 } {
if { [matchclass [ASM::violation attack_types] equals "ATTACK_TYPE_HTTP_REQUEST_SMUGGLING_ATTACK"] } {
log local0. "Violation $violation detected for URI $uri, but allowed anyway."
ASM::unblock
}
} else {
# More than one violation, too dangerous to Unblock
return
}
}
}