Forum Discussion

Its_not_the_F5's avatar
Its_not_the_F5
Icon for Nimbostratus rankNimbostratus
Nov 19, 2020

ASM detecting violations "top" "time" within HTTP cookies

Hello Dev Central community,

I have a question about ASM triggering violations for known attack signatures for execution attempts based on keywords "top", "time", "source", etc. and how to properly handle these false positives.

 

These keywords appear within the HTTP cookie, where some URI paths include "top" and other unix/linux commands.

 

Aside from disabling this ASM violation from the security policy - is there a way to have the F5 ASM ignore these parameters?

3 Replies

  • Hello,

     

    You can overide specific attack signature in Security ›› Application Security : Headers : Cookies List ›› Edit Cookie.

     

      • Lidev's avatar
        Lidev
        Icon for MVP rankMVP

        Your welcome, if my answer was helpful, please don't forget to mark the answer as "Select as Best" in order to pass you post as resolved and help others peoples to find it.