For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

daboochmeister's avatar
daboochmeister
Icon for Cirrus rankCirrus
Aug 30, 2018

ASM - Understanding why "Attack Signature Detected" did not block the access

Env: LTM 11.5.2; Context: Web application   We have an ASM security policy configured and applied to a VIP; the policy is in blocking mode, not transparent; all signatures have "Enforced" = "Yes...
application delivery
ASM Advanced WAF
enforce signature
security
daboochmeister's avatar
daboochmeister
Icon for Cirrus rankCirrus
Aug 31, 2018

Hmm ... I may have figured it out. Our screen at "Security ›› Application Security : Attack Signatures : Attack Signatures Configuration" appears as follows:

 

 

Does that mean that all the signatures not in those two assigned signature sets will not be enforced? And to enforce them immediately (e.g. for the SQL injection set), i move the set to the list and make sure "Block" is checked? I don't want to turn off signature staging (because it would affect new signatures from updates, i would think - for which I DO want a staging interval) - once i've tested, how do I immediately move the newly added signatures from staging to "active"?

 

thx