Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

ASM: Failed to convert character

Hello everyone,

I have an application protected by ASM using charset UTF-8. What happens is that sometimes I get some false-positives because the user browser is not using the charset informed in the meta tag. For instance, in some tests using Chrome and having as input some strings like “weißbier” or “über” I have no problems, but when I use Internet Explorer 11, ASM blocks the request with this error.

There is an article from Microsoft about this saying that IE does not always take the specified charset in the page but it might be overridden by OS settings:

https://support.microsoft.com/en-us/help/928847/internet-explorer-uses-the-wrong-character-set-when-it-renders-an-html

So my question is, how do you deal with this? I wouldn't like to disable this check in the Security Policy, any possible alternatives?

1
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

If you know which one is the problematic client and the policy element affected, you are able to allow traffic when it happens using iRule.

Something like this:

when ASM_REQUEST_VIOLATION
{
    set asmdata [ASM::violation_data]
    if {([lindex $asmdata 0] contains "VIOLATION_CHAR_CONV")}
    {
        if { [string tolower [HTTP::header User-Agent]] contains "msie" }
        {
            ASM::unblock
        }
    }
}
1
Comments on this Answer
Comment made 5 months ago by Luis Araujo 180

If you need to check more user-agent, you can use a datagroup and put it in Irule that Renato shared:

when ASM_REQUEST_VIOLATION
{
    set asmdata [ASM::violation_data]
    if {([lindex $asmdata 0] contains "VIOLATION_CHAR_CONV")}
    {
        if { [class match [HTTP::header User-Agent]] contains "dg_user_agent" }
        {
            ASM::unblock
        }
    }
}
1