Forum Discussion

cmcnicholas's avatar
cmcnicholas
Icon for Cirrus rankCirrus
Jan 19, 2024

UTF-8 character query

Hi,

we had a request to apply a security filter would allow the first 8400 range of the UTF-8 charset on one of our ASM policies. Some characters were being blocked during customer testing.

Other troubleshooting issues took priority, and after a couple of weeks the customer reported that it now seemed that we were passing along all the printable UTF-8 characters. All 143680 printable characters from UTF-8 were now passed through and allowed as input to their service.

I am trying to understand how all UTF-8 characters are now allowed. I went through the ASM policy in question and not see any setting which may have been changed. Perhaps there was an F5 wide change or setting which was adjusted to allow this?


application delivery
security

2 Replies

Sort By
  • Joseph_Martin's avatar
    Joseph_Martin
    Icon for Employee rankEmployee
    Jan 20, 2024

    If the ASM policy has Automatic Learning enabled, then if enough traffic was seen from enough different sessions and IP addresses AND over a long enough period of time, then it is certainly possible that all of the characters were "learned" as valid values.

    With that said, there are a number of other possible explanations for this, for which I would need more information to really nail down the exact cause.

    Joe M

  • Nikoolayy1's avatar
    Nikoolayy1
    Icon for MVP rankMVP
    Jan 21, 2024

    Check if the general violations for metacharacters in parameters or urls are enabled, also if under a specific url or parameter "Check for metacharacter" is being enabled as if there is no specific url or parameter then the wildcard url or parameter will match the request, so check there as well.