F5 ASM - Illegal URL

Requested U RL
Detection Cause
Applied Blocking Settngs
TTPS] OPTIONS
0120
*'token
Illegal URL

If the event log is a false positive and the URL is legal, then there are 3 Options

Create the wildcard URL

Create a wildcard URL

Create an Explicit URL

There should already be the wildcard URL, so the Illegal URL event log should be a rare occurence, and affect the older AWAF policies.

Create the wildcard URL

Security ›› Application Security ›› URLs ›› Allowed URLs ›› allowed HTTP URLs

Click create

Change from Eplicit to Wildcard

Type * in the space for the URL name

Untick Perform Staging

Click Create

Delete the Event Logs

Create a wildcard URL

Security ›› Application Security ›› URLs ›› Allowed URLs ›› allowed HTTP URLs

Click create

Change from Eplicit to Wildcard

Type the name of the wildcard URL in the space for the URL name e.g. /api/*

Untick Perform Staging

Click Create

Delete the Event Logs

Create an Explicit URL

Security ›› Application Security ›› URLs ›› Allowed URLs ›› allowed HTTP URLs

Click create

Type the name of the Explicit URL in the space for the URL name e.g. /api/login.html

Untick Perform Staging

Click Create

Delete the Event Logs

Note you can also define the Method as part of the URL:

GET /index.html

POST /index.html

These are 2 different objects and can have different settings. As always the most restrictive is always recommended.

Delete the Event Logs