Forum Discussion

Nimbostratus

Jul 08, 2010

Attack signature not triggered

Hello, We had a visit from an attacker last night and ASM did not trigger on this URI: /content/job-details.php?id=-49893%20UNION%20SELECT%20CHAR(97,102,56,56,48,48,55,53,97,97)--1...

app sec

BIG-IP Access Policy Manager (APM)

security

imac_105647

Nimbostratus

Jul 08, 2010

Hi Aaron,

Yes the signatures appear to be enabled both globally on the policy and on the wildcard parameter.

The ASM did not alert so there is not full request info page unfortunately. I only know about the attack because mod_security stepped in it's way.

I might try to modify the URI to get ASM to trigger for another metacharacter and see what happens then.

Ian

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Attack signature not triggered

Welcome! a la Communidad DevCentral LATAM de F5!

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

Recent Discussions

Exchange cert upgrade on F%

Recommended Study Guide, Books or Labs for F5 ASM/AWAF Module

email alert when service restarts

Unable to download files greater than 4GB. Running version 15.1.5.1

F5 Distributed Cloud Services Simulator Connect

Related Content

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

Wildcard Parameter signature attack

NGINX App Protect v5 Signature Notifications

Live Update- ASM attack signatures

Default Attack Signature Sets

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS