I set up the transparent learning to blocking policy.
When I switched it on, I had some blocking issues that the ASM did not offer to learn.
I do not understand why it did not offer them, but these blocking issues are included in the "Illegal meta character in parameter name" violation category.
The policy always blocked two metacharacters in the call:
Hex: 0x7c Char: |
Hex: 0x2f Char: /
Can I allow or add to whitelist these characters somewhere in the policy?
Something like this setup, for example:
IF "Illegal meta character in parameter name" violation contains "Hex: 0x7c Char: | " OR "Hex: 0x2f Char: /" == ALLOW
I assume in your policy Blocking Settings against this violation you did not have the Learn flag, or perhaps the Alert flag too, checked. If you had then even in Transparent mode you would've seen an illegal request log and a learning suggestion. Take a look to see which violations have these flags checked.
As to your question, I note that both of these meta characters are disallowed by default and you can allow them across the whole policy. Browse to Application Security - Parameters - Parameters List - Character Sets - Parameter Name and view all characters, change the ones in question to Allow. Don't forget to Apply Policy.
Hope this helps,
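
An added example, not part of the original thread and not F5 tooling: before allowing `|` and `/` across the whole policy, it helps to see which parameter names in real traffic actually carry them. This sketch inventories non-alphanumeric characters in decoded parameter names and prints them in the same "Hex / Char" form as the violation details. The request lines are constructed, the function names are hypothetical, and treating every non-alphanumeric character as worth reporting is a simplifying assumption, not the ASM default character set.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample request lines (method, URL); not taken from the thread.
SAMPLE_REQUESTS = [
    "GET /report?filter|status=open&page=2",
    "GET /report?filter%7Cstatus=closed",        # same name, percent-encoded
    "POST /api/save?path/to/item=42&user_id=7",
    "GET /search?q=a%2Fb",                       # '/' is in the value, not the name
]

def meta_chars_in_param_names(request_lines):
    """Map each non-alphanumeric character found in a parameter name
    to the set of decoded parameter names that contain it."""
    found = defaultdict(set)
    for line in request_lines:
        _method, _, url = line.partition(" ")
        query = urlsplit(url).query
        # parse_qsl percent-decodes names, so %7C is reported as '|'
        for name, _value in parse_qsl(query, keep_blank_values=True):
            for ch in name:
                if not ch.isalnum():
                    found[ch].add(name)
    return dict(found)

def format_report(found):
    """Render findings in the 'Hex: 0x.. Char: .' form used by the violation details."""
    return [
        f"Hex: 0x{ord(ch):02x} Char: {ch}  names: {', '.join(sorted(names))}"
        for ch, names in sorted(found.items())
    ]

if __name__ == "__main__":
    for row in format_report(meta_chars_in_param_names(SAMPLE_REQUESTS)):
        print(row)
```

If only one or two parameter names account for a character, that is worth knowing before changing the Parameter Name character set for the whole policy.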