ASM; Change of "Ignore Value" param with event description: Fallback to default parameter type

Question

Hello everybody!&nbsp;
I have encountered a problem and need help!
I have created a policy and activated its "real traffic learning". Through trusted traffic, it recognized some parameters of "Ignore Value" type and some of other types. After 8 days (1 day more than "enforcement readiness period") and before deactivating "real traffic learning" (I had to do that), I edited some of other parameter, and I observed that the policy builder changed all of "Ignore values" parameters to "user input with length of 10" one by one. Description of these events are logged as "Parameter Type was set to User input value. Fallback to default parameter type".&nbsp;
could any one help me with: &nbsp;
1- Firstly, why some of parameters got type of "Ignore value"?&nbsp;
2- Why "Ignore values" parameters should be changed in this scenario? And why these changes are made one day after "enforcement readiness period"? How this scenario could be explained? Generally, does policy builder change parameters after "enforcement readiness period"?&nbsp;
3- And, the event description says "... Fallback to default parameter type", Where the type "user input with length of 10" is defined as default? Can I edit this setting of default value?&nbsp;
thanks a lot!&nbsp;

romani_2788 · Answer

Very likely, these Parameters are created with Ignore value because Policy builder is set to identify Content Profiles and it automatically detects advanced protocols, and will be taken out of this status once the type is identified, which is why you saw it change to 'user input' after it has detected the input type. 
The length of 10 simply indicates that Policy Builder never found an input of more than 10 characters (or maybe slightly less), and therefore doesn't deem it necessary to give this parameter more than that size input in securing it.&nbsp;

nazaktabar_3358 · Answer

Hi! 
Thanks a lot dear Romani of your response. I am sorry it is still obscure for me...&nbsp;
The senario was: I could not have traffic in my trusted zone any more and my parameter was not detected enough accurate. So, Before {enforcing and disabling Policy builder and sending the policy to operation}, I started to editing some of "user input" parameters one day after "enforcement readiness period", and then I saw that Policy builder have started to changing of "ignore value" parameters.&nbsp;
Having no traffic, how Policy builder could identify the type of "ignore value"s?&nbsp;

Forum Discussion

ASM; Change of "Ignore Value" param with event description: Fallback to default parameter type

2 Replies

Recent Discussions

How to Match Dynamic URI Segments in AS3

URI modification

Need help on i-rule to specific uri path

HA Active Directory for F5 authentication

NGINX - Need more details on NGNIX WAF

Related Content

Icontrol REST upload and apply policy- section "http-protocols" ignored?

"Ignore value" parameter type

exclude HTTP::header value Content-Type] equals "text/xml; charset=utf-8" from SSL redirect

JSON field description

Where is F5 BIG-IP LTM node Field Description