Forum Discussion

Nimbostratus

Jan 10, 2017

ASM attack signature false positive

Hi, I have 2 application; one of them run on F5-ASM which is AA and other one not which is BB. BB try to connect AA for some data, but ASM blocked and I could not see any support ID. When i...

Cirrus

Jan 10, 2017

Is your policy configured via manual learning? Check the attack detection on Security ›› Application Security ›› Policy Building ›› Manual Traffic Learning, if the violation is detected.

How did you find that ASM is blocking this request? If you have a response page include <%TS.request.ID()%> so that it can display the support id.

Also it is possible to by pass the ASM for specefic IP address if you would like to.

-Jinshu

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

ASM attack signature false positive

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

HA Failover between two Datacenters

LTM issue Openning new web browser tab

F5 asm/awaf

Cannot ping external interface

AST Configuration Assistance

Related Content

Attack Signature False Positive Mode

Custom Attack Signatures

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

Wildcard Parameter signature attack

Post-Quantum Cryptography, OpenSSH, & s1ngularity supply chain attack

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS