Forum Discussion

Nimbostratus

Aug 25, 2021

ASM don't block XSS

hi all, why the asm don't block this : "</script><script>window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()</script>"><script>alert(150)</script>&arguments=-N2019,-A,-N325,-N0" ...

Employee

Aug 25, 2021

That string should trigger an attack signature violation. On my system, the attack signature ID is 200001475. Do you see that signature in your event log and is it possible that the signature is in staging?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

ASM don't block XSS

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

SSO login for APM Profiles

Can F5 restrict the file types transferred via FTP?

APM VPN LDAP POOL can't contact ldap server.

Kerberos Authentication Failing for Exchange 2016 Behind F5 Cloud WAF

r-series LAG

Related Content

Block IP after a number of ASM Blocks

Can't upload msg file - ASM block

ASM blocked page redirect

ASM block page for use with API waf policy

ASM Sanitize Blocking Page Requests

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS