Forum Discussion

Nimbostratus

8 years ago

Illegal meta character in parameter name, Whitelist

Dear All, I setup the transparent learning to blocking policy. When I switch on it, I have some blocking issue what the ASM not offer to learn. So I do not understand why it did not offer ...

ASM Advanced WAF

security

nathe

Cirrocumulus

8 years ago

I assume in your policy Blocking Settings against this violation you did not have the Learn flag, or perhaps the Alert flag too, checked. If you had then even in Transparent mode you would've seen an illegal request log and a learning suggestion. Take a look to see which violations have these flags checked.

As to your question, I note that both of these meta characters are disallowed by default and you can allow them across the whole policy. Browse to Application Security - Parameters - Parameters List - Character Sets - Parameter Name and view all characters, change the ones in question to Allow. Don't forget to Apply Policy.

Hope this helps,

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Illegal meta character in parameter name, Whitelist

AppWorld Berlin iRules Contest!

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

Recent Discussions

SSL Forward Proxy, iRules and Client Hello

monitor/healthcheck issue with envoy gateway

Recommendation for Adv. Lab

Changes to DO and AS3 GitHub - no longer monitored

How to Verify config before loading to F5

Related Content

Define allowed character in ASM for JSON parameter

ASM block all whitelisted urls and parameters in standby device

Brute Force protection for single parameter like OTP

Global Blacklist or Whitelist

Character Length for Object Names

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS