ASM Attack Signatures
Hi
We are currently using F5 ASM for one of our custom developed application and we are running into an issue as F5 ASM seems to be blocking some parameters. After some investigation, we found out that the issue was cause by "max recursion depth" happening when F5 ASM is doing validation on Parameter Attack Signatures. The reason this is happening is because in our application, we are using JSF RichFaces framework and it creates a parameter called 'originalFormSavedValues' which contains string values of the previous state of the web form and depending on the page, it can contain a very long string.
This then causes F5 ASM to produce 'max recursion depth' and when we spoke to F5 support mentioned that the only way to fix this is to change the limit of the whole device as documented in this link.
http://support.f5.com/kb/en-us/solutions/public/12000/800/sol12884.html?sr=26953709
However, we would need to re-test this to ensure it doesn't causes any additional negative impact to our devices.
The other alternative suggested is that we remove attack signature checking on the this parameter that is causing the issue. However, this means that the parameter is no longer being validated by F5. Are there better alternative solution to this?
I have also spoke to people who also run into this issues particularly with ASP.NET or SharePoint applications where in the '__VIEWSTATE' parameter is also causing "max recursion depth" and they had just removed attack signature on the parameter. Is there a better way to resolve this?
Is there may be a minimum suggested attack signatures that can be applied to this type of parameters that doesn't cause any issues? Thanks.