For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

coda6_52611's avatar
coda6_52611
Icon for Nimbostratus rankNimbostratus
Feb 23, 2009

ASM and XSS

We had our website security audited recently with it sitting behind our 6400 with an ASM. The ASM was configured and had been learning for a few months and we turned to finally start blocking attacks ...
app sec
BIG-IP Access Policy Manager (APM)
security
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Feb 23, 2009
Hi Ken,

 

 

I'd send Ziv an email. I'm sure he'd be happy to help you get started in diagnosing/fixing the issue.

 

 

Most of the XSS-related signatures are in the "All Systems" set. Do you have this set enabled? Are the signatures out of staging? Is the policy in blocking mode for 'Attack Signature detected'?

 

 

Where in the request is the XSS? Is it in a parameter value, parameter name, header value, object, etc? Do you hvae a wildcard object and/or parameter defined? What is the text of the attack? Can you post the HTTP headers/body of the attack example?

 

 

Aaron