Help excluding URLs from HTTP Protocol violations in ASM
I am having a problem where a network health ping /checkhealth is hitting several sites multiple times a second creating 100,000s of events a week. It is getting blocked because it has an IP address in the header instead of the FQDN. I know the requests are legitimate, and want to allow them.
My issue is that I still want to keep the blocking the "header containing IP address" rule on these sites, but it looks like even if I create the /checkhealth URL exception it is only looking at attack signatures and not the vulnerability/HTTP compliance rules. They are also using a wide range of IP addresses. So there isn't an easy way to just whitelist the IPs.
What is the best way I can made the WAF policy ignore those requests completely? Is my only option creating a custom L7 Policy or a custom iRule, or is there an easier route? (ibig-ip VE 15.1) Thanks!