Problems using ASM and Web Accelerator/AAM

Hello everyone,

 

I am having problems to get the ASM module to work with the Web Accelarator / AAM.

 

The article https://support.f5.com/csp/article/K14880 describes some conditions for both modules to work together. As described in the document, in my setup if bigip receives a valid request and does not generate a violation the cache works.

 

However, if an invalid request is received and generates a violation, all other valid requests for the same URL are no longer cached. This happens regardless the request origin.

 

For example, consider requests for . All valid requests for "/index.html" are cached. However, at the moment a request for "/index.html" generates a violation, any other valid request for "/index.html" are no longer cached.

 

That seems odd to me.

 

Is this an expected behavior? Or am I missing something?

 

Obs:

 

I'm using Bigip VE 12.1.2

 

To run the tests, I created an empty ASM policy and activated the signature attack: Automated client access curl. This policy prevents users from using command line "curl" to access the home page. So, I did:

 

1. From machine 1, I access the URL from a valid browser. I verified that the request was cached.
2. From machine 2, I access the URL using the "curl". I verified that the request was NOT cached and the ASM reported a violation.
3. From machine 1, I access the URL from a valid browser. I verified that request was NOT cached and the ASM did not raise any violation for this request.