Forum Discussion
ASM don't block attack XSS
hi all,
I enabled all the XSS signatures and all signatures are state no staging.
why the asm don't block this : <script>alert("attack")</script>
It match to some Attack Signature ID : 200101609 , 200001088, 200000098, 200001475
Here is state of signature ID 200001475
Thanks.
Looks like you have not configure WAF policy properly or this attack signature may be not inheritted from Parent Profile. please check and adjust accordingly.
Thanks
- hoangnvNimbostratus
Hi Samir,
Could you share me some suggestion to check it.
- zamroni777Nacreous
did that <script>..... come in server response or client request?
asm wont block it if it comes from server response.
- hoangnvNimbostratus
It's client request, and asm has score 4 for event log this.
its difficult to help you without seeing Request & Responce header... Good to open support case if you find issue..
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com