ASM slows basic website
We have a pretty basic ASM policy applied in transparent mode against a standard https website. When we apply the ASM HTTP Class the website slows to a crawl to get to the home page. If we remove the ASM HTTP Class the site opens as expected less than a second. I know it doesn't make a difference whether the ASM policy is in transparent mode or blocking mode its still processing the request its just the final outcome that is different.
Does anyone have any suggestions on what to look for?
ASM Policy includes the following.
RFC – Evasion technique detected, HTTP protocol compliance failed
Access Violations - Access from malicious IP address, Illegal HTTP status in response, Illegal meta character in parameter name, Illegal method, Illegal URL, Request length exceeds defined buffer size
Length Violations - Illegal cookie length, Illegal header length
Input Violations - Disallowed file upload content detected, Illegal meta character in value
Cookie Violations - Modified ASM cookie
Negative Security Violations - Attack signature detected