Forum Discussion
Lobby4_273304
Nimbostratus
NimbostratusNo Violations Generated for Blocked Request
Hi everyone. I recently turned on blocking mode for one of our ASM policies, and am suddenly seeing some unexpected behavior. The event log is showing me blocked requests, but no violations for some of these requests.
Under the "Request Details" tab, I would expect to see a "Violations" section, followed by "General Details". Instead, there are no violations. The Attack Type is Cross Site Scripting (XSS). What could be causing this? The requests appear legitimate, and I believe they need to be accepted into the policy. Learning is enabled for everything we are blocking.
In case anyone else has the same problem, this appears to be the solution: https://support.f5.com/kb/en-us/solutions/public/k/86/sol86019555.html. Essentially, the block was triggered by a sensitive parameter.
- Stefan_Klotz
Cumulonimbus
If you go to Security › Application Security > Policy Building > Manual Traffic Learning, do you see something there? And if yes, can you accept it from there to solve your issue?
Ciao Stefan :)
Lobby4_273304In case anyone else has the same problem, this appears to be the solution: https://support.f5.com/kb/en-us/solutions/public/k/86/sol86019555.html. Essentially, the block was triggered by a sensitive parameter.
