Evasion Techniques Blocking -Multiple decoding

Question

Evasion Techniques Blocking -Multiple decoding&nbsp;
We are getting genuine traffic blocked by ASM with the reason of possible Evasion Technique(Multiple Decoding).&nbsp;
We changed decoding passes from default to 5. Still it blocking.
Is there way to allow genuine traffic? 
What is the risk if we disable url normalization? or disable multidecoding viloation?
what is the correct process?&nbsp;
Many Thanks!&nbsp;

kash_276820 · Answer

Any answers please?&nbsp;

samstep · Answer

Examples of your requests which get blocked? difficult to understand what is going on without an example. This rule is known to produce false positives when % character is used, for example in password fields. In such cases % character can be allowed on specific parameter (e.g. password) as an excpetion without making policy less secure. If you disable the rule hackers can easily hide their attacks by encoding the payloads

Forum Discussion

Evasion Techniques Blocking -Multiple decoding

2 Replies

Recent Discussions

ISP Bandwidth Utilization

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries HA

Geo Fence in ASM through irule for URI

google-visualization-issues

Related Content

Mitigating new HTTP Request Smuggling techniques with BIG-IP ASM

Credential Stuffing Tools and Techniques

Block traffic

domain blocking

Block IP after a number of ASM Blocks