Forum Discussion

Nimbostratus

Dec 07, 2016

Difference between "Illegal" and "Blocked" request

I recently accepted all learning suggestions from a security policy after confirmation from the web app developer. We took the security policy out of staging and put it into transparent mode with the...

Nimbostratus

Dec 07, 2016

'Illegal' in the ASM logs may also mean you have checked the

Alert

tickbox in policy Blocking Settings while the

Block

tickbox is unchecked. So the request is deemed illegal according to your policy configuration, but not subject to blocking (even when policy itself is in Blocking Status, you can have individual features as alert-only).

You may want to have such "alert-only" configuration for security-features you are planning to take into use, but want to first evaluate if those features align with your application without a negative consequence.

Regards,

Recent Discussions

iRule command to allow IP range to access specific URL
Sep 28, 2024
jayson27
When user goes through LB the server page has stripped information
Sep 28, 2024
Achisu
HIGHLY RECOMMENDED LOST CRYPTOCURRENCY RECOVERY SERVICE/ DIGITAL TECH GUARD RECOEVRY
Sep 27, 2024
williamscott791
Help with an I-rule rewrite
Sep 27, 2024
y-not-me
When adding new GTM(DNS) to the existing group, if software version is not same, what will happen?
Sep 27, 2024
Herman2024

Forum Discussion

Difference between "Illegal" and "Blocked" request

Recent Discussions

iRule command to allow IP range to access specific URL

When user goes through LB the server page has stripped information

HIGHLY RECOMMENDED LOST CRYPTOCURRENCY RECOVERY SERVICE/ DIGITAL TECH GUARD RECOEVRY

Help with an I-rule rewrite

When adding new GTM(DNS) to the existing group, if software version is not same, what will happen?

Related Content

About AWAF "Redirect URLs" in "Responses and Blocks"

How can I add an "Illegal Header" in the Advanced WAF.

Tourniquet iRule to detect, BLOCK, log, and count CVE-2016-9244 "Ticketbleed" attacks

Copper SFP Differences

Http requests with the question mark symbol "?" in the URL are not being blocked although disallowed in the URL character list