# AWAF evasion-technique explainer

> Type a sub-violation name or "evasions" for F5's eight evasion sub-violations explained, each with its default and the encoding trick it catches, or paste the evasions block of a declarative WAF policy to read each one back as enabled or disabled with the Multiple-decoding pass count. Grounded in F5 K7929; runs entirely in your browser.

- Tool: https://ronutz.com/en/tools/f5-awaf-evasion-explainer
- Family: Security & WAF

---

## What it does

F5 AWAF - Advanced WAF (formerly BIG-IP ASM - Application Security Manager) detects a whole class of attacks that hide behind encoding, where a payload is escaped or encoded so an attack signature never sees the real characters, and the web server decodes it back into the attack only after the firewall has looked. F5 groups the defenses under one violation, "Evasion technique detected" (`VIOL_EVASION`), split into eight sub-violations. This tool is the decode side of that violation: type a sub-violation name (or the word `evasions`) to get all eight explained, or paste the `evasions` block of a declarative policy to read each one back as enabled or disabled. It is grounded verbatim in F5's own K7929 and the current BIG-IP ASM violation chapter, and it runs entirely in your browser.

## Two modes, one input

Type `evasions` and the tool lists F5's eight sub-violations, each with its default state (all eight ship enabled), a plain-language description of what it normalizes or detects, and the encoding trick an attacker uses it to catch. Type a single name, like `Multiple decoding` or `Bad unescape`, and you get just that card. The lookup is forgiving about spacing, case, and percent signs, so `multiple decoding` and `Multiple decoding` both resolve.

Paste JSON instead, a bare `evasions` array, the `blocking-settings` object, or a whole `{ "policy": { ... } }` wrapper, and the tool switches to read-back mode: it reports each of the eight sub-violations as enabled, disabled, or not set, where "not set" means the policy inherits its template default rather than turning the check off. A disabled sub-violation is called out as a warning, because switching one off means that normalization is skipped and the evasion it caught can reach the application unresolved.

## The eight sub-violations

The tool covers exactly F5's eight, in the order the manual lists them: `%u decoding` (Microsoft `%u` Unicode escapes), `Apache whitespace` (the ASCII 9, 11, 12, 13 control bytes), `Bad unescape` (illegal hex like `%RR`), `Bare byte decoding` (raw bytes above 127), `Directory traversals` (`../` patterns), `IIS backslashes` (folding `\` to `/`), `IIS Unicode codepoints` (IIS-specific `%u` mappings from Windows-1252), and `Multiple decoding` (repeated decoding of nested encodings). Each name, default, and description is taken directly from F5's documentation.

## Multiple decoding and the pass count

Multiple decoding is the one sub-violation with a tuning value. In the declarative schema it carries `maxDecodingPasses`, which the schema bounds between 2 and 5 with a documented default of 3. The tool surfaces the pass count when a policy sets it, flags a value raised above the default as a note, and flags a value outside the 2-to-5 range as a warning, because the system would reject or clamp it. When the count is not set, the tool states the default that applies rather than guessing.

## The bridge to the encoding tools

Several of these sub-violations are the very same decode operations the toolbox already performs. The `%u` escapes, bare bytes, and the `%XX` percent-encoding that Bad unescape polices are the territory of the Base64/Percent codec, and Multiple decoding is simply percent-decoding run more than once. Each reference card names the related tool, so you can take an encoded string and watch the decode happen by hand, which is the fastest way to build intuition for what the WAF is normalizing away.

## One rule from the schema

The tool also reads the parent violation's learn flag when a full `blocking-settings.violations` array is present. Per the schema, these sub-violations are only *learned* when learning is enabled on `VIOL_EVASION`; if learning is off there, a triggering request is still detected and can be alarmed or blocked, but no learning suggestion is generated. The tool surfaces that state so a policy that will never learn its evasions does not surprise you.

## Grounding and accuracy

Every sub-violation name, default, and description is grounded in F5's K7929 and the current BIG-IP ASM 17.5 "Working with Violations" chapter (the Evasion Techniques Sub-Violations table); the field names, the boolean `enabled`, `maxDecodingPasses`, and the 2-to-5 bound come from F5's Declarative WAF policy schema. It is a decode-only tool: it reads what you paste and never fetches, never validates against a live BIG-IP, and never evaluates traffic. Nothing you paste is uploaded or leaves the page; for a production decision, confirm any reading against the documentation for your BIG-IP version.

## Standards and references

- [F5 K7929: Working with evasion technique detected violations](https://my.f5.com/manage/s/article/K7929)
- [F5 BIG-IP ASM 17.5: Working with Violations (Evasion Techniques Sub-Violations table)](https://techdocs.f5.com/en-us/bigip-17-5-0/big-ip-asm-implementations/working-with-violations.html)
- [F5 BIG-IP Declarative WAF v17.1 Schema (blocking-settings.evasions: description, enabled, maxDecodingPasses 2..5)](https://clouddocs.f5.com/products/waf-declarative-policy/schema_v17_1.html)

## Related reading

- [Automatic Learning in Production: How an Attacker Poisons a WAF Policy](https://ronutz.com/en/learn/awaf-automatic-learning-poisoning.md): Left in Automatic learning mode against untrusted traffic, the BIG-IP Advanced WAF Policy Builder will accept and enforce a suggestion once its learning score reaches 100%, and some suggestions disable violations or widen entities. An attacker who floods legitimate-looking traffic from enough sources can push a relaxation to 100% and drill a hole. F5's design resists this with source, session, and time thresholds, but the safe posture is Manual learning by default and building only from trusted traffic.
- [Evasion Techniques: How Advanced WAF Normalizes Around Attacker Encoding](https://ronutz.com/en/learn/awaf-evasion-techniques.md): Attackers hide payloads inside unusual encodings so a signature never sees the real characters. BIG-IP Advanced WAF answers with eight evasion sub-violations under the single 'Evasion technique detected' violation, each normalizing or detecting one trick: %u decoding, Apache whitespace, Bad unescape, Bare byte decoding, Directory traversals, IIS backslashes, IIS Unicode codepoints, and Multiple decoding. All eight are enabled by default.
- [Handling False Positives in Advanced WAF: Triage by Rating, Then Tune with Scope](https://ronutz.com/en/learn/awaf-false-positives.md): A false positive is legitimate traffic that trips a security policy. In F5 AWAF - Advanced WAF (formerly BIG-IP ASM - Application Security Manager) the violation rating is the triage signal: ratings 1 and 2 are likely false positives you can accept, rating 3 needs investigation, and ratings 4 and 5 block even with Block flags off and should be cleared rather than relaxed. The fix is always scoped to the specific URL or parameter, never a policy-wide disable, and the governing rule is to relax only where a false positive actually occurred.
