Forum Discussion

Nimbostratus

Sep 06, 2012

ASM - 200001067 Attack Signature

Struggling to find info on this AS and wanted to know if it was safe to disable it on a parameter or if there is a better approach. I am on 10.2 thanks Lance

app sec

BIG-IP Access Policy Manager (APM)

security

Torti

Cirrus

Nov 28, 2012

I recommend to disable this, allways. There exists a lot of possible parameter, like cities, email address, name, which can contain the substring mocha.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

ASM - 200001067 Attack Signature

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

iRule causing requests to be duplicated (sometimes)

SSL Bridging and FQDN rewrite Policy

How can I get started with iCall

Checking for X-Forwarded-For against an Address Data-Group

After upgrading from PeopleTools 8.59.11 to 8.61.11 F5 APM is not rewriting the internal URLs

Related Content

November Security Research Update: Newly Released Attack Signatures

Custom Attack Signatures

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

Wildcard Parameter signature attack

Post-Quantum Cryptography, OpenSSH, & s1ngularity supply chain attack

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS