Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

Suggested action "Set Learn to disabled. Set Alarm to disabled. Set Block to disabled."

Jim_M
Cirrus
Cirrus

‎31-Mar-2020 01:26

My v12.2 F5 BigIP ASM has suggested, as an action in response to a "Null in multi-part parameter value" violation, to "Set Learn to disabled. Set Alarm to disabled. Set Block to disabled." Would this be just for this particular traffic? Or would this apply to the whole policy? If the later, its extreme.

Labels:
0 Kudos
1 REPLY 1

Erik_Novak
F5 Employee
F5 Employee

‎31-Mar-2020 05:26

The setting for that violation applies to the parameter for which the violation occurred. Does your application handle or otherwise allow a null value as input? If it does, you could safely disable block on that parameter only, (add the parameter to the policy first) . So it isn't really the whole policy. It's just one security check out of many. The idea is to phase in blocking mode so you prevent false positives. Does that help?

0 Kudos
Copyright © 2023 Khoros, LLC