Forum Discussion

cornemrc's avatar
cornemrc
Icon for Altostratus rankAltostratus
Jun 24, 2021
Solved

Disable ASM illegal HTTP status response logging

Hello, my ASM policy setting looks like this:     Why do I still get Application Request Logs where the only violation is     I am fine with the blocking of unallowed HTTP ...
ASM Advanced WAF
BIG-IP
http
logging
security
  • Erik_Novak's avatar
    Erik_Novak
    Jun 24, 2021

    The purpose of Alarm is to let you know if you have traffic that may be illegal--but you haven't decided yet, as might be the case when the policy is in Transparent mode. For example, you might be checking that F5 Adv. WAF doesn't classify something as illegal that should be legal for your application before you place the policy in blocking mode. Alarm produces a log entry to alert you about the potential of a false positive violation.

     

    Block controls whether the violation will cause the request to be blocked. Blocked events are always logged because they are illegal by definition.

     

    If you really don't want to see that response code violation, you can create a custom logging profile, enable Response Logging, and then exclude specific response codes from being logged. 

     

     

     

Erik_Novak's avatar
Erik_Novak
Icon for Employee rankEmployee
Jun 24, 2021

The purpose of Alarm is to let you know if you have traffic that may be illegal--but you haven't decided yet, as might be the case when the policy is in Transparent mode. For example, you might be checking that F5 Adv. WAF doesn't classify something as illegal that should be legal for your application before you place the policy in blocking mode. Alarm produces a log entry to alert you about the potential of a false positive violation.

 

Block controls whether the violation will cause the request to be blocked. Blocked events are always logged because they are illegal by definition.

 

If you really don't want to see that response code violation, you can create a custom logging profile, enable Response Logging, and then exclude specific response codes from being logged.