We have a ASM case being reported in which the SQL injection is being blocked in general but the same signature is only results in an alert when the traffic is incoming from a particular source country.
Has anyone seen this behavior, I don't think we have manually configured any such behavior so its really strange to even hear of this.
Can you confirm that no Geolocation protection is enabled and that there are no IP address exceptions configured for that particular range of IP addresses?
Yes I double checked we have not configured such exceptions or using geo locations.
Also I think the problem is a different one, they just reported it this way but that's not what's happening so I guess this thread can just stop here for now..
