Forum Discussion

Icon for Cirrostratus rank

Cirrostratus

Sep 13, 2021

attack Signature detected but i can not find keyword inside request

Hello everyone,

i found log for attack signature detection with the below image but i cannot find detected keyword within the request, how is that possible???!

application delivery

ASM Advanced WAF

samstep
Sep 13, 2021
ASM truncates requests when logging them, so it is possible that the attack signature was found in the part of the payload which was not logged.

https://support.f5.com/csp/article/K11048172

samstep
Cirrocumulus
Sep 13, 2021
ASM truncates requests when logging them, so it is possible that the attack signature was found in the part of the payload which was not logged.

https://support.f5.com/csp/article/K11048172
- Ahmed_Galal
  Cirrostratus
  Sep 14, 2021
  Good Morning Sam,
  hope that you are doing well.
  
  thank you for your assistance, i am now in middle of increase max log size and face memory issue that might happen or convince developer with this part of request 😂 😂
  - samstep
    Cirrocumulus
    Sep 14, 2021
    if they payload is really big (is the developer uploading a file?) this might be a false positive. You could also intercept the request using intercepting proxy such as Fiddler, OWASP ZAP or Burp Suite.
    In your screenshot the signature 200000107 is detecting symbols &{

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming