Forum Discussion
Enforcement Readiness Summary and HTTP Protocol Compliance
OK, I did some more tests. The logic for HTTP protocol compliance learning is quite odd and different than for other entities.
The only way I found to actually see if any request is not compliant is this:
- Policy in Transparent
- Enable checked for all compliance tests that we would like to evaluate (when all compliance tests with Learn also have Enable checked, 0 is listed in the Not Enforced column)
The other way is to keep the policy in Blocking and disable Block for HTTP protocol compliance failed.
I don't get why this violation type is handled in such a different way than the others.
Piotr
- Marvin, Aug 03, 2021, Cirrocumulus
Hi Piotr, yes indeed, I fully agree that the HTTP protocol compliance learning is quite strange. For example, F5 recommends enabling an HTTP compliance feature which only has the Learn checkbox selected; the HTTP compliance itself is in learn, alarm, block mode, as well as the ASM policy itself.
ASM recommends in traffic learning to enable a feature in HTTP compliance (in particular, POST request with Content-Length: 0). Enabling this feature will cause a lot of blocks of legitimate traffic. So I can conclude that the traffic suggestion is completely wrong and F5 ASM HTTP compliance should also report the violation while the HTTP compliance feature is only in learn mode. I guess I have to check this with F5 support.