Forum Discussion

Arif_Mohammed_1's avatar
Arif_Mohammed_1
Icon for Nimbostratus rankNimbostratus
Oct 25, 2017

how to block asm

Link 1: https://support.f5.com/csp/article/K14709 One link says Bypassing the BIG-IP ASM system Local Traffic -> Virtual Servers -> Security -> Policies -> Application Security Policy -> Enabled or ...
  • Martijn_144688's avatar
    Oct 25, 2017

    Arif,

     

    When you select disable in Local Traffic -> Virtual Servers -> Security -> Policies -> Application Security Policy, ASM is disabled for that virtual server and the policy is not applied. So nothing is blocked by ASM. Maybe AFM is enabled and a Network Firewall policy is configured on the virtual server, but this has nothing to do with ASM.

     

    In Security > Application Security > Security Policies you can select Transparent or Blocking for the ASM policy. If Transparent is selected, nothing is blocked when a violation is detected by ASM. A log is created and you can select to block these kind of events in the future or ignore the violation. When Blocking is selected, the traffic is blocked when a violation is detected. A log is created and you can decide to accept this block or override the block by allowing these kind of event.

     

    This is what the help page on the appliance says:

     

    Transparent: Specifies that, when the system receives a request that violates a security policy parameter, the system logs the violation event, but does not block the request.

     

    Blocking: Specifies that, when the system receives a request that violates a security policy parameter, the system logs the violation event, blocks the request, and responds to the request by sending the Blocking Response page and Support ID information to the client.

     

    Hope this helps.

     

    Regards, Martijn.