For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

mkeenan_289714's avatar
mkeenan_289714
Icon for Nimbostratus rankNimbostratus
Dec 07, 2016

Difference between "Illegal" and "Blocked" request

I recently accepted all learning suggestions from a security policy after confirmation from the web app developer. We took the security policy out of staging and put it into transparent mode with the...
application delivery
ASM Advanced WAF
security
Hannes_Rapp's avatar
Hannes_Rapp
Icon for Nimbostratus rankNimbostratus
Dec 07, 2016

'Illegal' in the ASM logs may also mean you have checked the 

Alert
tickbox in policy Blocking Settings while the 
Block
tickbox is unchecked. So the request is deemed illegal according to your policy configuration, but not subject to blocking (even when policy itself is in Blocking Status, you can have individual features as alert-only).

You may want to have such "alert-only" configuration for security-features you are planning to take into use, but want to first evaluate if those features align with your application without a negative consequence.

Regards,