Issue: ASM Violation that is manually disabled is automatically enabled days later
Hi all - we have an interesting dilemma with our F5 ASM policy. We are running two BIG-IP 5050, Software Version BIG-IP v11.5.2 (Build 0.0.141) configured in an Active-Standby configuration.
We have a Security Policy running in Blocking Enforcement Mode and we've experienced two incidents where we've disabled two sub-violations under the "HTTP protocol compliance failed" list. We would save the configuration and apply the policy as part of the normal process of making changes to the policy, but within a couple of days, we've noticed that the two sub-violations are enabled again. Does anyone know why this is happening? Is this a bug in v11.5.2?
The two sub-violations are:
- "Check maximum number of headers"
- "Check maximum number of parameters"
The attached screenshot shows the two violations that should be disabled, which they are now. Also note that this is the only ASM policy configured on the F5.
Thanks in advance for any insight and assistance.
Ron