No Violations Generated for Blocked Request
Hi everyone. I recently turned on blocking mode for one of our ASM policies, and am suddenly seeing some unexpected behavior. The event log is showing me blocked requests, but no violations for some of these requests.
Under the "Request Details" tab, I would expect to see a "Violations" section, followed by "General Details". Instead, there are no violations. The Attack Type is Cross Site Scripting (XSS). What could be causing this? The requests appear legitimate, and I believe they need to be accepted into the policy. Learning is enabled for everything we are blocking.
In case anyone else has the same problem, this appears to be the solution: https://support.f5.com/kb/en-us/solutions/public/k/86/sol86019555.html. Essentially, the block was triggered by a sensitive parameter.