Bare Byte decoding false positive

Question

Hello, I'm tuning an ASM policy and I'm getting requests that are hitting this learning suggestion:

Action: Set Learn to disabled. Set Enabled to off.

Matched Evasion Technique: Bare byte decoding

I know requests are false positives (I can see from my log manager that are always the same ten requests to hit this alert), I want to create an exception in order not to block them, but I don't want to globally disable the "Bare Byte decoding" detection as suggested in "Action".

What options do I have?

Thank you!

samir · Answer

Just suggestions, I am sure you are aware. If it is known source(IP/ URI) then can be bypass also.

Forum Discussion

Bare Byte decoding false positive

1 Reply

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

F5 Distributed Cloud WAF AI/ML Model to Suppress False Positives

Handle False Positive for files upload

CMS causing False Positives

Separating False Positives from Legitimate Violations

Attack Signature False Positive Mode