log illegal requests in ASM policy transparent mode

Question

If we have an ASM policy applied on a virtualserver in transparent mode, no request is treated as "Illegal request". Hence we can't see what is blocked.&nbsp;
We want to know what WOULD be blocked if the policy was in blocking mode.&nbsp;
How can we configure the log profile to log "illegal" requests but not "All requests".&nbsp;
Version 12&nbsp;

bobow · Answer

Hi,&nbsp;
in transparant mode you can still see the "illegal request". &nbsp;
Check your violation rating in event logs application requests.&nbsp;

erik_novak · Answer

OOTB functionality is illustrated in the screenshot above. If you selected Log illegal requests and assigned it to the virtual server it should work. It sounds like maybe you have created a custom logging profile, which is fine. If you have a custom profile you need to assign it to the virtual server in the same way. Can you try sending a request you know is illegal, perhaps by triggering a simple attack signature? If you go to the Learning and Blocking Settings page, do any of the violations, especially attack signature violations, have the "Alarm" check box selected?

Forum Discussion

log illegal requests in ASM policy transparent mode

2 Replies

Recent Discussions

Can iRule be used to perform exception of IPI category based on Geolocation

Can iRule mask the payload content on event logs of security

minimum tmos software version for connect CIS (openshift)

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries HA

Related Content

Integrating SSL Orchestrator with McAfee Web Gateway-Transparent Proxy

With the ASM, can illegal requests be CSV exported?

Transparent Load Balancing in Azure

Integrating SSL Orchestrator with Symantec ProxySG: Transparent Proxy

Integrating SSL Orchestrator with CheckPoint Firewall VM-Transparent Proxy