HTTP parser violation

Question

Hi
I am getting the above violation for a particular url as it exceeds the default url length of 2048 . Can i write a irule telling if that particular url is seen , then to unblock the traffic ? because the other option is to change the system variable which will impact the othe policies and i dont need that. Also i dnt want to uncheck the http parser violation blocking setting as well.
when ASM_REQUEST_DONE {

if { [HTTP::uri] contains "/abc" &amp;&amp; [ASM::violation attack_types] equals "ATTACK_TYPE_HTTP_PARSER_ATTACK" } {

ASM::unblock 
    }

romani_2788 · Answer

Hey Draco,
Yes, you are correct, this will be the way to go about it, and it seems you have the right  violation description. 
Matching that with the specific URL should give you the control that you need.&nbsp;

Forum Discussion

HTTP parser violation

1 Reply

Recent Discussions

What are the different phases in DevOps?

Create a CSR and Key using the BigIP LTM GUI when renewing a certificate

F5 Rseries HA

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Related Content

JSON Web Token (JWT) Parser

AWAF - Do not log Geolocation violations from the Event Log

No Learning Suggestions But could see Violations in the event logs

iRule TCL: if 'something' in 'list' then, syntax/parser error

HTTPS to HTTP