Forum Discussion
ASM don't block attack XSS
hi all,
I enabled all the XSS signatures and all signatures are state no staging.
why the asm don't block this : <script>alert("attack")</script>
It match to some Attack Signature ID : 200101609 , 200001088, 200000098, 200001475
Here is state of signature ID 200001475
Thanks.
its difficult to help you without seeing Request & Responce header... Good to open support case if you find issue..
- zamroni777Nacreous
did that <script>..... come in server response or client request?
asm wont block it if it comes from server response.
- hoangnvNimbostratus
It's client request, and asm has score 4 for event log this.
Looks like you have not configure WAF policy properly or this attack signature may be not inheritted from Parent Profile. please check and adjust accordingly.
Thanks
- hoangnvNimbostratus
Hi Samir,
Could you share me some suggestion to check it.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com