Forum Discussion
NimbostratusASM manual learning mode parameters and URLs
Dear all, I am trying to optimize the ASM security policy by using manual learning mode and have selective all entities. In the parameter list, I can see that it is in learning mode. I am not able to use Automatic policy builder / realtime traffic builder, because the F5 is located on the external public network segment and I dont want to take the risk that it will learn something that it shouldn´t.
The strange thing is that there are 4 ASM policies, all for Microsoft IIS server platforms and I only see one parameter that is __viewstate.
Does somenone has an idea why I just dont see any other parameters being learned? If I have a close look at the HTTP POST requests there are several parameters visible, so why aren´t these learned by the F5 ASM? Eventually I want to protect the application at the paramteter level and not only use the wildcard.
Please share your experience I appreciate it!
1 Reply
Erik_NovakEmployee
Are you sure that the learning mode for parameters is really "Add All Entities" and not "Selective"? It's not clear from your first sentence. If you changed the learning mode for parameters at any point, make sure you clicked Save and Apply Policy. Also, if you view the Learning and Blocking settings page, are the Learn and Alarm checkboxes for "Illegal Parameter" selected? If you have four policies, make sure you are editing the correct one.
