We have a specific request that is set to perform a health check on our asm policies to ensure they are blocking as expected. Basically it is https://url/<script!> which gets blacked every time. The asm logs it into the event logs but there are so many requests I want to set it so anything that is /<script!> will block but not log. Does this need to be an irule or is there a way in the logging profile or policy that we can set this uri to not log?
If you know exactly where the request is coming from and there is no other traffic coming from the same location, you could use IP address exceptions to stop logging for traffic from that location.
We cannot block via ip as it changes and is from multiple locations. I don't even see where I can create a custom violation or attack signature and disable logging. No ASM event for irules to disable logging.
I am not sure that I understand use case of such asm health check, but if you want to execute health check of asm policy, then better to use some dummy VS for this purpose.
Customer used pingdom to test that the ASM is working as expect but having a check looking for the wording in the response page. I can propose using a dummy vs but you will still have the event logs hit with a bunch of the logs for this check. I can't believe there is no way to not log except based on ip.