For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

gh0st_325958's avatar
gh0st_325958
Icon for Nimbostratus rankNimbostratus
Feb 15, 2018

Illegal meta character in parameter name, Whitelist

Dear All,   I setup the transparent learning to blocking policy. When I switch on it, I have some blocking issue what the ASM not offer to learn.   So I do not understand why it did not offer ...
ASM Advanced WAF
security
nathe's avatar
nathe
Icon for Cirrocumulus rankCirrocumulus
Feb 15, 2018

I assume in your policy Blocking Settings against this violation you did not have the Learn flag, or perhaps the Alert flag too, checked. If you had then even in Transparent mode you would've seen an illegal request log and a learning suggestion. Take a look to see which violations have these flags checked.

 

As to your question, I note that both of these meta characters are disallowed by default and you can allow them across the whole policy. Browse to Application Security - Parameters - Parameters List - Character Sets - Parameter Name and view all characters, change the ones in question to Allow. Don't forget to Apply Policy.

 

Hope this helps,

 

N