IP Address Exception set to Never Log - continues to log for IP in this /20 range
We recently upgraded to Big IP ver 15.1.2.1 and have had a couple minor issues along the way. We have created a new ASM policy and added an "IP Address Exception" to this policy. The exception includes a /20 CIDR (net mask 255.255.240.0). The setting for this IP Exception are as follows: Policy Builder: Don't Trust IP Brute Force Detection: Include IP Learning Suggestions: Ignore IP Log Traffic: Never Log Block this IP: Policy Default IP Intelligence: Include IP The issue we have is that despite this setting: "Log Traffic: Never Log", we continue to see alerts logged for these IPs. As this is a scanner service we pay for, we wish to prevent this from logging in our TEST environment. Has anyone had an issue where they were unable to prevent the logging of events despite the IP Address Exception being in place? Thank you652Views0likes0CommentsASM IP Exceptions
We are new to having ASM implemented on our main virtual servers, over the past couple months I keep having to add IP exceptions for for valid customer IP's that get blocked as "malicious". I assume the goal would not be to have a large list of IP's in this list, any advice on how to tune this a little better, docs etc? I'm have around 50's IP's currently whitelisted due to being blocked as malicious, any advice would be great!Solved1.8KViews0likes14CommentsWhat's the purpose of the catch block in an ASM_REQUEST_BLOCKING scenario
We're returning custom ASM-error pages by using an irule whose initial structure follows the principle of the article ASM_REQUEST_BLOCKING. Some month ago i decided to remove the last block 'when HTTP_RESPONSE_RELEASE'. Today i temporarily re-added it and was quite surprised about the log entries. Although the irule works as expected, the content of the catch block is getting executed. How do i identify the typ of the exception thrown by the irule? And what action should it take in this case, since everything works fine?359Views0likes1CommentSalesforce Parameter Exception Question
We are rolling out a Salesforce application and we have a request that is being blocked due to a parameter in the following format: {"ORDER_HEADER":{"INVOICE_HEADER":{"APPLICATION":"Some Application Name","APPLICATION_USER":"Some User ID","INVOICE_NBR":"some invoice number"}}} I've never created a parameter exception to handle a parameter in that format. I thought creating a parameter using a regular expression would be the way to go, but I'm not sure if that's the right approach. Any advice you have on how to handle parameters like this would be greatly appreciated as I think we may see this again in the future. Thanks!269Views0likes6CommentsASM exception in filetypes
If i have a value length for all PHP file types on my web application set to say 100 and only 1 URL with filetype PHP with length 1024, then I have to set the length for all PHP file types to 1024??? I don’t know how to do it but maybe I could explicitly configure this very URL with length 1024 and set “Request body handling” to something…. What do you think? Can you please show in an example how to do it?254Views0likes2Comments