swo0sh_gt_13163
Dec 31, 2013

ASM Custom signature set behavior.

Hey Folks,

Asking a query after a long time. I found a limitation with ASM Custom Signature Set configuration, and I need your expert advice to confirm whether my understanding is correct or not.

We have got a requirement from a customer to block all JavaScript-based XSS attacks. (They have an external pentesting team, who found that their application is vulnerable to XSS for every JavaScript event.) Using the default ASM signature set, it didn't seem to be working with JavaScript event-based XSS attacks; however, the rest of the attacks were being blocked.

To achieve the customer's requirement, we designed a custom signature set containing 39 different signatures for every event (e.g. , onChange etc.) and put all the signatures into a single signature set in ASM.

Surprisingly, only the first signature worked and the other 38 didn't. I'd take one signature from the list, configure another signature set, and put this signature into the new signature set. And it worked.

It seems that I have to create an individual signature set for each individual signature, which I feel is tedious and time-consuming, prone to error, and increases administrative overhead.

Could anyone please confirm if this is normal behavior? Is this a limitation of ASM?

Thanks in advance,
Darshan