Pacifying parameter input

You can't do this in ASM, ASM is a Web Application Firewall. It can DETECT , ALARM and BLOCK the the malicious parameter input like < script >, but it will not sanitize it. You will need to write an LTM iRule for content modification/sanitization, however beware that potentially you will be allowing malicious input anyway. Stripping HTML tags is not enough to stop the attack. The correct way of fixing this is to fix your application, so speak to your developers first.