AFM Learn-Only Signatures Dropping Traffic

Question

I was under the impression initially that if you had these dynamic signatures set to learn-only you weren't going to drop traffic. I have set all of these vectors to enforced and it looks like the event logs show drops so is this in fact enforcing/dropping?&nbsp;
&nbsp;
&nbsp;

nathe · Answer

ipman,&nbsp;
What you are seeing in the logs is right, the Attack Vectors are enforced so AFM is dropping traffic. The Learn Only mode you are seeing is referencing Dynamic Signatures. Here, the AFM is doing Behavioural analysis and creating Dynamic Signatures on the fly, if required. Looking at your logs it's not triggering a Dynamic Signature, rather the default BADACK attack vector. &nbsp;
See &nbsp;
Detecting Dynamic DoS Attacks&nbsp;
Hope this helps,&nbsp;
N&nbsp;

Forum Discussion

AFM Learn-Only Signatures Dropping Traffic

Recent Discussions

How do I create a traffic log for two different route domains?

Http / https health monitor issue

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Need Urgent BIGIP Trial License and VM Image

APM for banner and cert

Related Content

Scanning for CVE-2017-9841 Drops Precipitously

Support of WAF Signature Staging in F5 Distributed Cloud (XC)

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

Drop reason counters.rx_portd_rdisc

BoT Defense Profile, Signature Enforcement

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS