Forum Discussion

Cirrus

Dec 21, 2015

ASM disable violations just for specific requests

During creation and fine-tuning of an ASM-policy (based on manually Rapid Deployment) we found lots of valid requests, which trigger for example an Attack Signature or RFC compliances checks. But ins...

Nimbostratus

Dec 21, 2015

It will be a difficult choice. Assuming that you do not want to implement any iRules, the second-best option I see is using two ASM security policies where one policy is the "lite version" of your main policy (duplicate of your main policy, minus several signature IDs). You can implement the trigger-logic in an LTM policy where instead of disabling the ASM checks, you conditionally select the lite policy for some specific HTTP paths, whereas your main policy is the default selection.

This will enable you to avoid false positive alerts/blocks, but still grant you a decent level of security.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

ASM disable violations just for specific requests

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

After upgrading from PeopleTools 8.59.11 to 8.61.11 F5 APM is not rewriting the internal URLs

F5 BIG IP laboratory license

F5 mssql health monitor failing

How can I get started with iCall

Connection Rest f5

Related Content

APM-Specific Features for Securing Your Website

HTTP Request Smuggling Using Chunk Extensions (CVE-2025-55315)

ASM disable violations alarm just for specific requests

Separating False Positives from Legitimate Violations

Logging DNS Requests

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS