Forum Discussion

THE_BLUE
Feb 03, 2023

Sudden change in ASM policy

I observed a change within BIG-IP settings: a sudden block on a violation called illegal host name / request length. This violation is not marked as block in the policy settings, but I can see it blocked in the event logs. How can I check the system logs to track what happened before this change? Could it be because of a signature update?

3 Replies

  • Which violation is matched in your request? Illegal host name, illegal request length, or both?

    If both are matched or any additional one in the request, and at least one of them is set to block, then this may be the cause.

    You can verify from the event logs by looking for the triggered violations of your request: under the 'Occurrences' column, click on the number of occurrences; this will open a popup containing the applied actions for that occurrence.

    • THE_BLUE

      Dear Amine,

      Both are blocked, but the strange thing is that this violation is not blocked in the learning and blocking settings. Also, the policy in transparent mode is blocked with this violation.

      • The blocking you described must absolutely not occur in transparent mode. I suspect the policy does not get applied correctly for some reason. You can first check in /var/log/asm whether you have errors after applying the policy. If everything seems OK after basic troubleshooting, it is better to open a case with F5.