cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

Suggested action "Set Learn to disabled. Set Alarm to disabled. Set Block to disabled."

Jim_M
Cirrus
Cirrus

My v12.2 F5 BigIP ASM has suggested, as an action in response to a "Null in multi-part parameter value" violation, to "Set Learn to disabled. Set Alarm to disabled. Set Block to disabled." Would this be just for this particular traffic? Or would this apply to the whole policy? If the later, its extreme.

1 REPLY 1

Erik_Novak
F5 Employee
F5 Employee

The setting for that violation applies to the parameter for which the violation occurred. Does your application handle or otherwise allow a null value as input? If it does, you could safely disable block on that parameter only, (add the parameter to the policy first) . So it isn't really the whole policy. It's just one security check out of many. The idea is to phase in blocking mode so you prevent false positives. Does that help?