Disable ASM illegal HTTP status response logging
Hello,
my ASM policy setting looks like this:
Why do I still get Application Request Logs where the only violation is
I am fine with the blocking of unallowed HTTP status codes but I was expecting that the unchecked alarm box would prevent these logs. Do I have to define a special log profile for this? It is set to "log illegal requests".
Thank you
The purpose of Alarm is to let you know if you have traffic that may be illegal--but you haven't decided yet, as might be the case when the policy is in Transparent mode. For example, you might be checking that F5 Adv. WAF doesn't classify something as illegal that should be legal for your application before you place the policy in blocking mode. Alarm produces a log entry to alert you about the potential of a false positive violation.
Block controls whether the violation will cause the request to be blocked. Blocked events are always logged because they are illegal by definition.
If you really don't want to see that response code violation, you can create a custom logging profile, enable Response Logging, and then exclude specific response codes from being logged.