im facing an issue with wildcard parameter, i reviewed many blocked request match with attack sig " SQL-INJ "end-quote UNION" (Parameter)"
i created wildcard parameter ---> [ctl00_body] and i disabled the mentioned attack sig on this wildcard parameter and applied the policy
but the request still hit this * wildcard and our customers still getting blocked anyone know why?
the wildcard parameter name must be :
why  is not working? bigip is not support this special chars?
[ ] Matches characters within the brackets.
b[ae]ll finds ball and bell, but not bill.
You’re right, but the wildcard parameter must match all characters...
[ctl00_body] Will match only single character parameter contained between brackets
but the wildcard parameter must match all characters... is this logic related to bigip ?
[ctl00_body] means only those parameters are included:
so fixed content must be out of brackets
then you must defined what is variable :
if you want to match anything starting with ctl00_body_ :
if you want to match parameter starting with ctl00_body_ and with 2 digits at the end:
if you want to match parameter starting with ctl00_body_ and with 4 alpha decimal characters at the end:
Thank you Stanislas very much for your clarification, this is so helpful
i thought [xx_yy] means match any parameter start with xx_yy i didn't know it will match only 1 char, i was confused because i faced the same issue with with another VS and i solved it using [ ]