How to create a Generic ASM Policy?

Hi,

 

Maybe you should have a mix rapid deployment template with the exceptions that you want.

 

It will protect the web site more than from a passive attack signatures.

 

On another hand, it can possibly to increase false-positives, thus, you should mark "learn option" enabled to help you to treat all those possible false-positives more easily in traffic learning screen section.

 

Finally, uncheck your exceptions that you can't learn, alarm or block requests (file type, url, etc) into the "learning and blocking settings" section, and keeping the wildcard entities enforced (no stagging), so when you change policy to the blocking mode, it will effective to the actions that you choose.

 

https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-getting-started-12-0-0/8.html?sr=56183871

 

PS: Even if you want to make the policy with none template, keep in mind that you will need to remove the stagging flag from all the wildcard entities, not just from the attack signatures. So this way, Big-IP can block or alarm the suspicious requests, otherwise, it just can go to the learn screen.

 

I hope this help you.