Muhannad_64809
Apr 17, 2017

ASM disable violations alarm just for specific requests

Dear Team,

During creation and fine-tuning of an ASM-policy (based on manually), I have a URL response that keeps triggering an RFC compliance check. It is an auto sync process running between servers.

We need the ASM to block this incident, but I want to disable the Alarm for this blocking incident only for this specific URL.

So in general, which type of violation can be disabled/configured on which level (URL, file type, parameter, header)? And if possible, how to configure this. Or is there any good documentation available, which handles such granularity?

Thanks in advance, Muhannad

  • RFC compliance is a violation. Nearly every violation has learn/alarm/block settings for the policy. There is no granularity beyond that. While you can unblock via an iRule, there is no command available to disable the alarm only. Your only option is to have a separate policy that has alarm turned off for the violation. Copy your existing security policy. Modify it so the alarm flag is disabled for the RFC violation. Now go to the local traffic policy for your virtual server and add a new rule above the existing ASM policy rule. When the URI matches, have it select the new policy. Make sure the policy matching strategy is set to first match.

    • Muhannad_64809

      Thanks for your answer, I think you have made it clear for me.

      Regards, Muhannad
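
The local traffic policy described in the answer, written out in BIG-IP configuration syntax as an added example (not part of the original thread). The policy names, the rule names and the /sync/ path are assumptions; the thread does not give the real URL or object names.

```tmsh
# Constructed example: all object names and the /sync/ path are assumptions.
ltm policy /Common/asm_select_vs_app {
    controls { asm }
    requires { http }
    rules {
        # Evaluated first: requests for the sync URL get the copied security
        # policy, which still blocks the RFC violation but has Alarm cleared.
        sync_no_alarm {
            actions {
                0 {
                    asm
                    enable
                    policy /Common/app_policy_sync_noalarm
                }
            }
            conditions {
                0 {
                    http-uri
                    path
                    starts-with
                    values { /sync/ }
                }
            }
            ordinal 1
        }
        # Everything else keeps the original security policy unchanged.
        default {
            actions {
                0 {
                    asm
                    enable
                    policy /Common/app_policy
                }
            }
            ordinal 2
        }
    }
    strategy /Common/first-match
}
```

Keep the URI condition as narrow as the sync endpoint allows, because every request it matches is handled by the policy copy that has the alarm cleared. With the first-match strategy, the rule order (the `ordinal` values) decides which security policy a request gets.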