In the ASM, illegal http method attack is blocked but it does not result in the blocking response page shown to the user.
would need some more information.
when you say "In the ASM, illegal http method attack is blocked", do you mean it is configured to block or do you see it blocked in the event request log?
are other attacks blocked with a block page shown?
how do you test this? which METHOD?
It is configured to block and the event request log shows it as being blocked.
I use postman and the request is blocked but no block response page.
interesting, and if you do a regular request or a different attack you do get the block page?
I sure do. I get a 200Ok response with no body. My aim is to have a 200Ok response with the block page or a 405 response.
you didn't make changes to the Response Pages?
what exactly are you sending via Postman?
It is actually a request to an API "API call"
an API call is normally nothing else then a specific HTTP request.
provide what you use in Postman i can check if it gives a block page with my settings.