Forum Discussion
Altostratuswierd behaviour after applying transparent ASM policy
Hi, we are running ASM on bigip-5250 with version 11.5.1 HF3. We had created the ASM security policy using the policy wizard and selecting manual mode. It was in transparent state, so NOT blocking anything. The next day the users reported that the VS to which the ASM policy was applied is not working correctly. The users could login to the VS, but they could not click on any of the links inside the site. After removing the ASM policy from the VS and user clearing the browser cache, it all went fine again. Please advise if a transparent manual policy using the rapid deployment mode could do anything linke this?
1 Reply
gsharriAn ASM security policy in transparent mode will still affect traffic by inserting cookies and possibly modifying traffic payload. Transparent mode only stops ASM from blocking if there are violations.
Using rapid deployment template enables Data Guard by default to mask credit card numbers and US social security numbers so if there is any code in the page that looks like a CC data guard is most likely masking it with ***** characters.
Other features may also alter the payload of the response even in transparent mode: CSRF protection, bot detection, DDoS protection
