Forum Discussion

Nacreous

Oct 18, 2022

All attack signatures vs server/application specific ASM attack signatures

Hi, as per everyone's experience, what's best to select attack signatures for a WAF policy? I'm aware that all attack signatures might have some downside (latency, resources issue) but isn't it goo...

security

waf

buulam

Admin

Oct 27, 2022

I can see your point but one thing I'd consider is that you can potentially (actually probably) open yourself up for a lot of false positives. To the point where if an attacker knows this is the case, they could fill your logs with false positives, while burying actual attack attempts. Sure - you could filter that out but then why have that in the first place? Those are my views at least. Good topic!

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

All attack signatures vs server/application specific ASM attack signatures

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

ASM/AWAF declarative policy

Changes to DO and AS3 GitHub - no longer monitored

Help with SSH Virtual Server

GRE Tunnel Issue

Help with an iRule to disconnect active connections to Pool Members that are "offline"

Related Content

November Security Research Update: Newly Released Attack Signatures

NGINX App Protect v5 Signature Notifications

Custom Attack Signatures

Support of WAF Signature Staging in F5 Distributed Cloud (XC)

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS