For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Julie's avatar
Julie
Icon for Altostratus rankAltostratus
Aug 20, 2020

ASM security policy with Atlassian Confluence

Has anybody configured an Atlassian Confluence server behind an F5 with ASM security? I find that it's getting LOTS of false positives that I'm hesitant to accept, mostly of the SQL injection variet...
ASM Advanced WAF
Atlassian
BIG-IP
confluence
security
NickAD's avatar
NickAD
Icon for Cirrus rankCirrus
Oct 21, 2020

Hey Julie, just curioius as I am building a policy for this as well.. did you end up finding any easier way? Or did it really come down to adding the correct URLs with the associated content profiles. The Content-Type headers is more so what I am curious about... the fact that the I'd expect to see application/json but instead it is text/plain is so weird.

Can't find Atlassian docs that explain why the app behaves in that way. Or if there's a case where I'd see POST data using the text/plain header and the body isn't JSON.