ASM disable violations just for specific requests
During creation and fine-tuning of an ASM-policy (based on manually Rapid Deployment) we found lots of valid requests, which trigger for example an Attack Signature or RFC compliances checks. But instead of disabling the Attack Signature or the specific RFC compliance check for the whole policy, I would prefer to disable it just for the specific request. The source for such a trigger might be different (URL, parameter, header, content), but from my point of view the easiest and "top level" way to specify an exception would be the URL. But would this be possible, especially when there is a global wildcard URL (*) defined (does a more specific URL gets preferred, I would say yes based on the "Wildcards Order")?
I did some testing e.g. a request with a header, whose value triggers the "High ASCII character" violation. I tried different settings:
- disable "Check characters on this URL"
- set "Request Body Handling" to "Do nothing" for the wildcard header
- set "Parameter Value Type" to "Ignore Value" (for another request where the trigger was on a parameter)
But the request was still blocked.
So in general, which type of violation can be disabled/configured on which level (URL, file type, parameter, header)? And if possible, how to configure this. Or is there any good documentation available, which handles such granularity?
Thank you!
Ciao Stefan :)