Suggested action "Set Learn to disabled. Set Alarm to disabled. Set Block to disabled."

Question

My v12.2 F5 BigIP ASM has suggested, as an action in response to a "Null in multi-part parameter value" violation, to "Set Learn to disabled. Set Alarm to disabled. Set Block to disabled."  Would this be just for this particular traffic? Or would this apply to the whole policy?  If the later, its extreme.

erik_novak · Answer

The setting for that violation applies to the parameter for which the violation occurred.  Does your application handle or otherwise allow a null value as input? If it does, you could safely disable block on that parameter only, (add the parameter to the policy first) . So it isn't really the whole policy. It's just one security check out of many.  The idea is to phase in blocking mode so you prevent false positives. Does that help?

Forum Discussion

Suggested action "Set Learn to disabled. Set Alarm to disabled. Set Block to disabled."

1 Reply

Recent Discussions

Port Group on F5OS network setting

F5Access | MacOS Sonoma

Rewrite uri translation not working

Chrome V 124+ on MacOS - Virtual Server Access Issue

Transaction looks successful but file not downloading

Related Content

HA pair in VMware v7 update 3 - Should "power on connect" be enabled, or disabled for vlans/network?

No Learning Suggestions But could see Violations in the event logs

Planning to Upgrade. Please suggest.

Duplicate "Set-Cookie" header in response

"Configuration problem" when setting up a trial LTM VM