ASM / WAF : block request containing certain string?

Question

I have added as much XSS blocking to a policy as possible. A request containing onmouseover or onclick or .... ="alert('hello')" is blocked fine.

But when it's coded like onmouseover or onclick or .... ="self['\x....... the ASM accepts this as valid.

Can I block a request with this parameter value?

How do I achieve this?

sajid · Answer

try custom attack signature Security&nbsp;››&nbsp;Options: Application Security: Attack Signatures: Attack Signatures List&nbsp;Click create and define your own pattern.&nbsp;

andréb · Answer

Hi Sajid,Your suggestion creates a "global" attack signature. And will, on creation, as I read it, be added to all the policies.We have several policies running and I don't want to mess up policies for which I'm not responsible.There is an attack signature self[] (parameter) (id 200101630) to choose from and is already added/active to the policy.But it doesn't block self['\x... ], self with HEX in it as it is added in the value part of a parameter.Maybe it's better to report it to F5 Support&nbsp;

Forum Discussion

ASM / WAF : block request containing certain string?

2 Replies

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Terraform AS3 code for GTM Only.

BIG-IP device fails to install node-inspector

WAF Block Request

AST Configuration Assistance

F5 HA deployment in Azure using Azure Load Balancer

Related Content

Knowledge sharing: Containers, Kubernetes, Openshift, F5 Container Connector, NGINX Ingress

HTTP Request Smuggling Using Chunk Extensions (CVE-2025-55315)

ASM blocked request contains & (ampersand) symbol in parameter value

Logging DNS Requests

Scaling Containers

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS