David_M
Sep 11, 2019

BIGIP OWA ASM Policy Template Questions

I created the ASM policy with the OWA Exchange template on v13.1.1.2.

These templates are marketed as ready to block, but all the parameters are set to lengths of 10, even parameters like username.

They are creating immediate false positives.

So I now will have to put it on transparent and set learning.

Any suggestions with these templates? What would work best? Auto learn or manual?

4 Replies

  • Hi David,

    A good alternative is to switch to transparent mode for the time needed to learn, as you have done.

    From my point of view, I prefer to set the policy to Manual learning; this allows me to have total mastery, especially if the service is exposed on the internet (if you have the opportunity to learn based on internal users, you could set your policy to automatic).

    I also advise you to fine-tune your configuration. Let's take the example of parameter lengths: I removed them (parameter or URI). For me it is not convincing...

    Another point: we must not forget to configure the policy (Learning and Blocking Settings) to selective (for URL and Parameter). If you allow an exception (false positive), it will not be applied to the whole site but only to your URL or related parameters.

    Regards


    • David_M
      But I’m surprised that this policy is not ready to block, because I was assuming these templates are tested and built by F5 in a test environment with ideal settings, and then to find out the username parameter is set to 10. Haha. Even their YouTube videos suggest these can be directly set to blocking.
  • Hi,

    I fully understand your point of view.

    But I think F5 does its best to provide a generic template. Some users, for example, use a trigram to connect, and in this case it could have worked without a problem.

    But in any case, when you have an ASM policy you will have to customize it (parameter, URL length, ...).

    Let me know if you need more assistance.

    Regards

    • David_M
      Well I set it to transparent with manual learning. And added some trusted subnets so it should be okay.