quangtran
Jul 30, 2024

Big-IP ASM automatically removes my hostname, but I don't see the violation reaching the threshold of 100.
Hello everyone,

Recently, my service has encountered an issue. In the evening, while everything was running normally, I received a block warning from ASM. Upon checking, I found that my hostname was automatically removed from the policy by ASM. I am using fully automatic as per this link: https://my.f5.com/manage/s/article/K000134503. However, the problem is that when I checked for violations, I did not see any violations related to violations="Illegal host name." So, why did it reach the threshold of 100 and remove my hostname? Could this be a bug? I checked that there were no accept suggestions at that time, only violations="Illegal repeated parameter name," which I do not think is the issue. Thank you.

8 Replies

  • Did it happen again or was it a one time occurrence?

    Can you involve F5 support? They can actually look at your configuration and perhaps logs which makes things way easier.

    What was your enforcement mode set to?

    • quangtran

      Hi boneyard 
      I switched the Policy building learning mode to manual, and this issue no longer occurs. I have always set the mode to blocking from the beginning. I want to investigate the cause of the problem, which is why I brought up this topic. This issue occurs on many of my F5 servers, from devtest to prod.

      • boneyard

        Certainly, if it can be reproduced I would involve F5 support.

        I gave it a quick try myself, not sure how I would trigger the hostname removal now. You don't do anything, just keep getting traffic to it?

    • quangtran

      Sure, I have configured and my service is running normally. I am not using subdomain included because there is only one hostname for this service.