Illigal Parameter addition as custom signature set wanted to Unblock

This feels less like something to “unblock” outright and more like a policy tuning gap. If ASM is flagging it as an illegal parameter, it usually means the parameter isn’t defined or expected in that specific context. Instead of bypassing it globally, you could add the parameter explicitly (or as a wildcard/dynamic one) within the relevant URL profile so it’s only allowed where it actually appears. Another safe approach is to put the violation in staging first and review a few requests to confirm it’s genuinely valid traffic before enforcing any changes. That way you fix the immediate issue without weakening the overall protection posture.