Forum Discussion
NimbostratusF5 ASM/AWAF – violations logged but no learning suggestions generated
MVPI believe this article explains that certain illegal objects don't create learning suggestions.
https://my.f5.com/manage/s/article/K17191923
The way I look at it is that making something illegal is an active choice, you say these things aren't not allowed period. So then you don't want learning to be able to enable them again.
A_hassaneinThanks for your reply boneyard.
Firt of all the violation i mentioned in the post "illegal parameter" is not unlearnable in the article you've mentioned.
I also want to make it clear that the proplem is our policy is configured to learn parameters in an allow list "positive security" and the parameter names in the violation requests are not explicitly disallowed in the policy, So it's odd that the learning of ASM doesn't suggest adding them in the allow list and the learning mode for parameters is always BTW.- Nikoolayy1
Do you still have a wildcard parameter * to capture all not explicitly configured parameters ? Is your policy builder in automatic mode with auto accept ? Even if it is then if the traffic is not trusted then it will take many requests to be auto allowed and this is why trusted ip jumphosts are used.
