Forum Discussion
nathe
Feb 15, 2018Cirrocumulus
I assume in your policy Blocking Settings against this violation you did not have the Learn flag, or perhaps the Alert flag too, checked. If you had then even in Transparent mode you would've seen an illegal request log and a learning suggestion. Take a look to see which violations have these flags checked.
As to your question, I note that both of these meta characters are disallowed by default and you can allow them across the whole policy. Browse to Application Security - Parameters - Parameters List - Character Sets - Parameter Name and view all characters, change the ones in question to Allow. Don't forget to Apply Policy.
Hope this helps,
N