Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

F5 ASM Filter/Block Parameter without blocking page

Hello,

we want to config that the F5 ASM Policy block some paramters but the F5 shoult not display a blocking page because if we block at this way our web application goes out of pass an the session and all entries which the user has made in forms or in a text box are lost and the user has to do maybe 10 forms to fill it again, how can we handle this topic ? Maybe I could get some best practice recommendations ?

0
Rate this Question
Comments on this Question
Comment made 28-Mar-2017 by eLeCtRoN 251

An example what I think to do is, I have the path from input fields, there are just numbers allowed. If the user put now some symboles into the input field the ASM would block it, but maybe is it possible to clear the fields fill it with just zeros (00000000) and the application give us back that this entries are not valid and so I can maintain my session and I do not lost some data from the input fields or text boxes ! I hope to get some best practices for this case or how would be implement this regular because I think I'm not only the ONE who want to do this ;)

0
Comment made 29-Mar-2017 by samstep 1908

in most applications usually this kind of validation is done on the client side using JavaScript - so please do talk to your application developers (if they are available) to add such validation. ASM enforces the Server-side validation (e,g, an attacker switches off JavaScript, uses a non-browser scanner tool)

0

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

This is tricky and depends on your application. The whole idea of a blocking page is that ASM is letting know the genuine users that their request is illegal. If the user is an attacker then there is no point in helping that user any further. However it is also possible that the block was a false positive. A properly tuned ASM policy should minimize false positives.

The question is: if ASM Blocking page is causing your application to lose forms data then what kind of response will not do that? If you know the answer then you can create an iRule to tackle that situation and intercept the blocking page, drop the request or unblock the request (depending on your requirements)

Check out:

https://devcentral.f5.com/wiki/irules.asm__unblock.ashx

0