Testing and learning F5 ASM
I am very confused regarding staging and enforcement.
Suppose I built a policy, enforcement readiness is set to 1 day, and enable signature staging is set to yes. After one day, when I check and try a script tag, it gets blocked based on the policy set under the parameter. But all the parameters are still under staging and all the attack signatures are under staging. So when the enforcement period is over, all parameters, URLs, etc. are still under staging. So any blocking that we see is only because of the policy building -> learning and blocking settings, right? What do you suggest is the best practice? Learning all URL parameters w.r.t. the website and imposing the respective restrictions along with the global policy setting? In order to do that, we need to move all the learnt URLs, parameters to enforced mode, right?
Once we move to blocking mode, will it still learn new parameters? Or do we have to change under learning and blocking settings -> under parameters -> learn new parameters -> and set to always? While doing that option, newly learnt parameters are automatically given the type ignore value, and not the proper type, i.e. the user-data value. If I change it manually, it gives a warning that it will stop automatically giving parameter type to learnt parameters. My question here is: will it still learn new parameters once I have updated the previously learnt parameter type?
Hopefully someone could help me out. Thank you.