Forum Discussion
Aurel
Cirrus
CirrusIgnore value versus Apply content signatures
Hello, Facing unknown content blocked by ASM, i would like to compare 2 options to set an exception. First one : Set the Content-type header and set Request Body Handling with "Apply co...
Samir
MVP
MVPIt depends on type of application hosted on ASM. But ignore value (2nd option) will be better then first one.
Best way go through traffic learning event logs and analyze it.
AurelHi,
thanks for your comment. But can you elaborate on why "ignore value" would be the best option ?
Trying to count "Parameter based" signatures, i am getting the 1/3 ratio versus all signatures. Meaning that removing them would remove around 1/3 of the attack signatures.
I can't unfortunately identify what is called "Content signatures" to compare any proportion, and mostly to conclude about each security tradeoff more accurate score.
