Forum Discussion
nathe
Jan 23, 2015Cirrocumulus
firstly, that attack signature is a URI one in scope so you won't be able to assign it to a parameter.
Secondly, what I suspect is the signature is enabled and the traffic learning is just identifying that it's been triggered and you can now make an exception if required. In this case you might only be able to disable it on the policy? Or does the learning suggestion mention how to allow this, possible a URL parameter instead?
Do you see the signature in Application Security - Attack Signatures - Attack Signature List? Filter on 200000011.
Hope this helps,
N