How could I exclude Vulnerability scanners from Session Tracking?
I have enabled session tracking on an application and it has quickly blocked my vulnerability scanner. Of course this is "scan interference" and makes the results invalid. The options on the IP Address Exceptions page allow me to "Never Block" the IP , but then I get false results and ASM is not providing any protection. Because I've seen that when blocked by Session Tracking the other violations were still recorded in the logs I thought this may work as an iRule when ASM_REQUEST_DONE { if { ([ASM::violation count] equals 1) && ([ASM::violation names] eq "VIOL_SESSION_AWARENESS") && ([IP::addr [IP::client_addr] equals n.n.n.n]) } { ASM::unblock } } But it didn't, the connections were still blocked when the session tracking count was reached. Can anyone suggest something to try next?Solved860Views0likes6CommentsSession Tracking with ASM - Block All Vs Delay Blocking
Hi Guys, I'm just looking to understand exactly the difference between the 'Block All' and 'Delay Blocking' options for session tracking on ASM policy. Both seem to block after a defined threshold is reached and will block for a defined period of time. It looks like the 'Delay Blocking' options is more granular however I expect that there is something significant I am overlooking. Also, the application I wish to use session tracking on does not have a login page. As a result I will be setting the 'Application Username' to 'none'. Will this allow me to still accurately track if an individual is spamming the application? Thank you443Views0likes1Comment