would need some more information.
when you say "In the ASM, illegal http method attack is blocked", do you mean it is configured to block or do you see it blocked in the event request log?
are other attacks blocked with a block page shown?
how do you test this? which METHOD?