F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

mkeenan_289714's avatar
mkeenan_289714
Icon for Nimbostratus rankNimbostratus
Dec 07, 2016

Difference between "Illegal" and "Blocked" request

I recently accepted all learning suggestions from a security policy after confirmation from the web app developer. We took the security policy out of staging and put it into transparent mode with the...
application delivery
ASM Advanced WAF
security
Hannes_Rapp's avatar
Hannes_Rapp
Icon for Nimbostratus rankNimbostratus
Dec 07, 2016

'Illegal' in the ASM logs may also mean you have checked the 

Alert
tickbox in policy Blocking Settings while the 
Block
tickbox is unchecked. So the request is deemed illegal according to your policy configuration, but not subject to blocking (even when policy itself is in Blocking Status, you can have individual features as alert-only).

You may want to have such "alert-only" configuration for security-features you are planning to take into use, but want to first evaluate if those features align with your application without a negative consequence.

Regards,