Nimbostratus
Basically I am seeing a couple signatures get tripped but it is mostly my IP space which we found is a false positive. So I wanted to keep the signature enabled but just white list some of my IP space.
Cirrocumulus
AFAIK you can't - just checked to see if this feature is available in v11.x but doesn't seem to. Perhaps an iRule will help you here to bypass the ASM altogether for certain IP addresses. I've seen these 2 docs for v9.x and v10.x:
http://support.f5.com/kb/en-us/solutions/public/10000/400/sol10479.html?sr=17615809
http://support.f5.com/kb/en-us/solutions/public/7000/900/sol7920.html
Whether you can get more granular in regards to specific Attack Sigs then perhaps someone else can advise as I'm not sure.
Now my iRuling days have only just started but from the doc above and if you've got v10 I wonder if you could create a class group of your internal IP addresses and use this iRule to bypass the ASM module?
when HTTP_CLASS_SELECTED {
ASM::enable
if { matchclass [IP::client_addr] equals $::ip_white_list } {
ASM::disable
}
}
Haven't got my test box available to me today so hopefully someone could verify this info.
Rgds
N