Forum Discussion
F5 ASM learning new parameters while being in blocking mode.
Question 1: Yes. All parameters disallow meta characters by default. If you override those meta characters, then they are allowed--but attack signature are still applied to the parameter input value.
Question 2: Yes. There are two ways to do this. One is to un-check the Block checkbox for the "Illegal Parameter" violation. In fact, that works with all violations, including "Illegal meta character in value" related to your first question. The ot her is to leave all parameters in staging during the learning process as developers add them.
Question 3: Once the policy is mature, you can enforce the wildcard or remove it altogether.
Question 4: One way would be to turn off blocking on the specific violation that is getting triggered until the learning period is over. Or go to the Learning and Blocking Settings page > Policy Building Process, and select the Advanced view. Under Policy Building Process, locate Loosen Policy and review the default rules. Also ensure you have "Track Site Changes" enabled, and review those rules and adjust accordingly. If you have a way to build the policy using trusted traffic then you can reduce the time required dramatically.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com