Dynamic URLs setting off illegal file type events. eg. https://site.com/email/jim@jim.com

Question

Hi Guys,&nbsp;
One of our applications dynamically passes text from an text box to the URL as the user types resulting in lots of illegal file type events. The text box allows users to enter an email address and as the user types, the app posts the data that is provided to check if the email is valid and if the email is already in use.&nbsp;
I have tried to create a wildcard allows url eg. /api/email/* expecting that this path would then be excluded from the ASM policy rules however even with this exclusion in place the ilelgal file types rule is still triggered for every character typed. For the moment I have set a wildcard file type which will allow any file type to be requested which is not ideal however it provides usability.&nbsp;
Any advice on rectifying this would be great. Thank you.&nbsp;

rob_carr · Answer

You could try bypassing ASM for the specific URL(s) in question, or having a separate policy for the specific URL(s).&nbsp;
Something similar was discussed here: Disable ASM on a specific URL&nbsp;

Forum Discussion

Dynamic URLs setting off illegal file type events. eg. https://site.com/email/jim@jim.com

1 Reply

Recent Discussions

Need advise to setup a policy on F5

Web acceleration

What are the different phases in DevOps?

Create a CSR and Key using the BigIP LTM GUI when renewing a certificate

F5 Rseries HA

Related Content

Setting up BIG-IP with AWS CloudHSM

Setting up persistence in F5 XC

Set HTTP version

Regex for dynamic URI

Setting up F5 Telemetry Streaming with Splunk Cloud