Forum Discussion
AltostratusASM WAF and BOT violations have same support ID
Can violations generated for ASM WAF and BOT have same support ID if it's the same request?
Our scenario is we have an URL through which a pdf file is being uploaded. BOT is detecting it and Alarming(mitigation setting not set to block) but the WAF is blocking the same request as "ls" execution attempt (2)" in the context of HTTP Request Body Unparsed Payload.
Probably an issue due to parsingf pdf, we resolved the issue by configuring URL to exclude pdf content from being parsed by ASM policy.
However it's observed that both WAF and BOT report had the same support ID and would like to confirm if that's expected and under what scenario?
Is there a F5 article which confirms this behaviour?
2 Replies
- Aswin_mk
MVP
Hi,
as per details, violations generated by both ASM (WAF) and BOT Defense can have the same Support ID if they are triggered by the same HTTP request. I dont have any article relating that. Please check the same in F5 technical articles.
BR
Aswin 
GDC1-TRG-F5Thanks Aswin
I think i found a reference."The same request logged in both Bot Defense and Applications Requests logs will have the same Support ID, so its records can be correlated."
