Alert and pass the traffic when the policy is in blocking mode for violation rating 1 or 2

Dayal · ‎06-Nov-2016

Hi Team,

I have ASM deployed in the network and have a dynamic website behind the same. I am bombarded with many violations with ratings 1 and 2 which the F5 suggests likely a false positive. Is there a way that I can allow the violations which have ratings 1 or 2 to pass through but at the same time provide an alert ?

Thanks,

Tikka_Nagi_1315 · ‎29-Nov-2016

You would have to configure the security policy to not Alarm under Enforcement Mode.

It can be achieved by configuring blocking actions for violations under:

Security > Application Security > Blocking.

https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-11-5-0/24.ht...

Michael_Michael · ‎14-May-2018

Hi, i also wonder if it posible to pass violatio 1 and 2. lots of FP. Please advice.

Tikka_Nagi_1315 · ‎15-May-2018

I would recommend that you open a support case and provide an asmqkview --add-request-log for F5 to review the potential false positives.

Michael_Michae1 · ‎14-May-2018

Hi, i also wonder if it posible to pass violatio 1 and 2. lots of FP. Please advice.

Tikka_Nagi_1315 · ‎15-May-2018

I would recommend that you open a support case and provide an asmqkview --add-request-log for F5 to review the potential false positives.

DevCentral

Alert and pass the traffic when the policy is in blocking mode for violation rating 1 or 2

Register For AppWorld 2024

F5 Receives Six Trust Radius
Best of 2023 Awards

F5 XC WAF

F5 BIG-IP

DevCentral

Alert and pass the traffic when the policy is in blocking mode for violation rating 1 or 2

Register For AppWorld 2024

F5 Receives Six Trust Radius Best of 2023 Awards

F5 XC WAF

F5 BIG-IP

F5 Receives Six Trust Radius
Best of 2023 Awards