Forum Discussion

Muhannad_64809's avatar
Muhannad_64809
Icon for Nimbostratus rankNimbostratus
Apr 17, 2017

ASM disable violations alarm just for specific requests

Dear Team,   During creation and fine-tuning of an ASM-policy (based on manually), i have a URL response that keep triggering an RFC compliance check. it is an auto sync process running between se...
ASM Advanced WAF
security
  • Kevin_Davies_40's avatar
    Kevin_Davies_40
    Apr 17, 2017

    RFC compliance is violation. Nearly every violation has learn/alarm/block settings for the policy. Their is no granularity beyond that. While you can unblock via an iRule their is no command available to disable the alarm only. Your only option is to have a separate policy that has alarm turned off for the violation. Copy your existing security policy. Modify it so the alarm flag is disabled for the RFC violation. Now go to local traffic policy for your virtual server and add a new rule above the existing asm policy rule. When the URI matches have it select the new policy. Make sure policy matching strategy is set to first match.

     

Kevin_Davies_40's avatar
Kevin_Davies_40
Icon for Nacreous rankNacreous

RFC compliance is violation. Nearly every violation has learn/alarm/block settings for the policy. Their is no granularity beyond that. While you can unblock via an iRule their is no command available to disable the alarm only. Your only option is to have a separate policy that has alarm turned off for the violation. Copy your existing security policy. Modify it so the alarm flag is disabled for the RFC violation. Now go to local traffic policy for your virtual server and add a new rule above the existing asm policy rule. When the URI matches have it select the new policy. Make sure policy matching strategy is set to first match.

 

Muhannad_64809's avatar
Muhannad_64809
Icon for Nimbostratus rankNimbostratus
Apr 18, 2017

Thanks for your answer, i think you have made it clear for me.

 

Regards, Muhannad