ASM - disabling or unblocking attack signatures - on active blocking policy
Hi John, I have a query regarding disabling an attack signature on an active blocking policy. we have identified a few attack signatures in an ASM policy is generating false positive blocks in our environment. Although the signature(s) in itself is a valid one, in our environment (traffic between backend servers, yes the policy is protecting at tier two level) this not applicable in our case. Just to want to confirm that the right way to do this policy would be to 'Security ›› Application Security : Attack Signatures : Attack Signatures List" and filter signature id (eg.,200003098) and change properties? This is without using an irule, as my client does not want to use an irule and is fully aware of the fact that signature is turned off for the entire policy. Please advise me on any other approached you would recommend in similar scenarios. Many thanks, Jobi.