1. When a false positive violation or signature is triggered for a url or parameter you don't need to disable the violation/signature for the entire ASM policy as you can always use iRules to just bypass the violation/signature just a specific URL or Parameter :
3. You can also use a Local Traffic policy but it only has the event "ASM::disable" that stops the ASM for everything not just for the one false positive. I hope that the F5 team will add the "ASM::unblock" to the Local Traffic policy options but for now I don't recommend this.
4. Another note is if you upload files then they in many cases may trigger attack signatures but just adding an explicit custom parameter with Value Type "User-input value" and Data Type "File Upload" will make the ASM to not trigger signatures for the files being uploaded:
5.Also when using iRules with the ASM check under the ASM policy what is the ASM iRules Event Mode as it could be Compatibility Mode or Normal Mode as the old way was Compatibility Mode and when bypassing the ASM for a violation it also bypassed any other violations that may have triggered after that and not being false positivies:
7. The new Microservices option under the WAF policy is a great way to stop some RFC or evasion checks for a particular host and URL without iRules and the signature violations can just be removed by creating an allowed URL and bypassing this. Just the general violation's will still need an irule to be bypassed.