F5 ASM learning new parameters while being in blocking mode.
Hi,
I have my ASM protecting many web applications. The problem is that some of the applications/websites don't have that much traffic, but some of the websites have a lot of forms, etc. Since the traffic is not too much, it didn't learn all of the parameters of the website while it was in transparent mode, and even some of the parameters learned don't have all the meta characters allowed.
Question 1:
If I disable the value meta character on the parameter itself, does it still block attacks like XSS, SQLi, etc.?
Question 2:
Is there a way to have my policies in block mode, but do not block new parameters that are added by developers as an example, and then accessed by users?
Question 3:
Do you guys keep the wildcard * parameter in blocking state or leave it in staging?
Question 4:
When the policy is in automatic, I detected that if a parameter in the website that should allow alphanumeric values gets a lot of hits by users that just post numeric values (let's say username), the policy changes the parameter data type to integer itself, and after that, if some user has a username that has letters in it, they will get blocked. What is the better way to get over this? Manual (extensive work checking all the policies every day) or automatic (some things stop working after some time, so I have to correct them manually), or is there an alternative in the Learning and Blocking Settings that allows loosening the policy while keeping it secure and manageable?