Forum Discussion

NiHo_202842's avatar
NiHo_202842
Icon for Cirrostratus rankCirrostratus
Feb 29, 2016

Despite correct wildcard URL, still getting suggestions

Hi all,

 

Running 11.5.1 HF10. So we have a web application where an applet is exchanging data via URLs such as /SvViewData, /SvExportToExcel, etc.. Because this is binary data, I need to disable parameter checking on these URLs or the ASM will complain it cannot read it.

 

I added a wildcard URL named '/Sv*' with all checking set to disabled. Images: https://i.imgur.com/6T38pOM.png https://i.imgur.com/zsjRR4b.png

 

However, I still get suggestions as you can see on the screenshot below. https://i.imgur.com/Oq4XSHx.png

 

Ideas? Thank you.

 

ASM Advanced WAF
BIG-IP
policy
security
url
wildcard

4 Replies

Sort By
  • Hussein_Ghazy_3's avatar
    Hussein_Ghazy_3
    Icon for Nimbostratus rankNimbostratus
    Feb 29, 2016
    This is the URL Properties Tab https://i.imgur.com/6T38pOM.png Choose the next tab which is URL Parameters, create the parameter you want and either disable or allow specific Value Meta Characters or Attack Signatures.
  • Chris_Grant's avatar
    Chris_Grant
    Icon for Employee rankEmployee
    Mar 01, 2016

    If you want to disable the ASM for specific URLs it makes more sense to go to the Local Traffic Policy and tell the BigIP you want to disable ASM for specific URLs rather than passing to the ASM and trying to get the ASM to do this. This should help you get started: https://support.f5.com/kb/en-us/solutions/public/15000/000/sol15085

     

    Also, as configured your ASM is looking for a header named Any with a value of Any, which is probably not what you want. You must use a specific header, not a wildcard in that field.

     

  • NiHo_202842's avatar
    NiHo_202842
    Icon for Cirrostratus rankCirrostratus
    Mar 02, 2016
    @Hussein Ghazy: this is about blocking URLs in its entirety, not parameters.
  • Kimihito's avatar
    Kimihito
    Icon for Employee rankEmployee
    Mar 02, 2016
    The request hits HTTPS /SvViewData Somehow in your URL property page is not showing HTTP/HTTPS selector. Isn't it a case you configured the URL property for HTTP but the actual request is coming on HTTPS ?