ASM don't block attack XSS

Question

hi all,I enabled all the XSS signatures and all signatures are state no staging.why the asm don't block this : &lt;script&gt;alert("attack")&lt;/script&gt;It match to some Attack Signature ID : 200101609 , 200001088, 200000098, 200001475Here is state of signature ID 200001475Thanks.

samir · Answer

its difficult to help you without seeing Request &amp; Responce header... Good to open support case if you find issue..

samir · Answer

Looks like you have not configure WAF policy properly or this attack signature may be not inheritted from Parent Profile. please check and adjust accordingly.
Thanks

hoangnv · Answer

Hi Samir,Could you share me some suggestion to check it.

zamroni777 · Answer

did that &lt;script&gt;..... come in server response or client request?asm wont block it if it comes from server response.

hoangnv · Answer

It's client request, and asm has score 4 for event log this.

Forum Discussion

ASM don't block attack XSS

Recent Discussions

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

F5 Health Monitor Receive String as JSON

Cloudflare True-Client-IP as Persistence

Should config via cli rather than gui?

Get actual client ips in splunk

Related Content

The HTTP/2 CONTINUATION frame attack

ESRP Strategies: DNS Water Torture Attack

Blocking Zero-day WordPress Attacks with F5 Essential App Protect

Real Attack Stories: Bank Gets DDoS Attacked

Block Attack Vectors, Not Attackers

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS