For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Dan_Markhasin_1's avatar
Dan_Markhasin_1
Icon for Nimbostratus rankNimbostratus
Oct 26, 2015

Apply ASM attack signatures to URLs?

Hi,   Is it possible to apply ASM attack signatures detection to URLs? This is the scenario I am trying to solve:   1) Assume we have a RESTFul web service that returns user details given a use...
ASM Advanced WAF
security
Tim_K_92675's avatar
Tim_K_92675
Icon for Cirrostratus rankCirrostratus
Oct 26, 2015

Depends on how your policy is configured. The out-of-the-box General Signature List includes SQL Injection signatures, so I would verify if they are enabled. Go to your policy, then go to Security ›› Application Security : Attack Signatures : Attack Signatures List. Plug in 1=1 in the Containing String field and select SQL-Injection in the Attack Type field then hit Go. From the results, ensure the applicable signatures are Enabled and not in Staging mode.