Forum Discussion

Cirrus

Aug 30, 2018

ASM - Understanding why "Attack Signature Detected" did not block the access

Env: LTM 11.5.2; Context: Web application We have an ASM security policy configured and applied to a VIP; the policy is in blocking mode, not transparent; all signatures have "Enforced" = "Yes...

Cirrostratus

Aug 31, 2018

Could you check the following ?

Go to Application Security : Attack Signatures : Attack Signatures List

Make sure that the "Block" and "Enabled" flags of the signatures are set to "Yes".

Go to Application Security : Policy Building : Enforcement Readiness

Make sure all signatures are enforced.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

ASM - Understanding why "Attack Signature Detected" did not block the access

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

Geo location update

Help with an iRule to disconnect active connections to Pool Members that are "offline"

block a specific user

ASM/AWAF declarative policy

OOB Security Notification — Why you should patch NGINX Plus/Open Source now

Related Content

Understanding iApps

Real Attack Stories: The "MOP Sink" Attack

Tourniquet iRule to detect, BLOCK, log, and count CVE-2016-9244 "Ticketbleed" attacks

Understanding IPSec IKEv2 negotiation on Wireshark

Understanding IPSec IKEv1 negotiation on Wireshark

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS