For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

P_Casoria_18761's avatar
P_Casoria_18761
Icon for Nimbostratus rankNimbostratus
Feb 16, 2015

ASM module - efficacy testing

Hello everyone, I've deployed an F5 BIG-IP 2000s with LTM and ASM inside my architecture and I need to test the efficacy of Web Application Firewall (ASM module).   I've deployed "WebGoat" applica...
ASM Advanced WAF
deployment
management
security
gsharri's avatar
gsharri
Icon for Altostratus rankAltostratus
Feb 17, 2015

By default attack signatures apply to the entire content of a request. The http method does not matter. What is in the content of the post that you expected would be blocked? Does the post appear in the ASM request log?

 

Also additional information would be useful:

 

What version are you running?

 

How was the security policy created: manual? template? automatically?

 

Is the local traffic policy routing all requests through the security policy?

 

Which signature sets are assigned in the security policy?