Forum Discussion

Nimbostratus

Jul 08, 2010

Attack signature not triggered

Hello, We had a visit from an attacker last night and ASM did not trigger on this URI: /content/job-details.php?id=-49893%20UNION%20SELECT%20CHAR(97,102,56,56,48,48,55,53,97,97)--1...

app sec

BIG-IP Access Policy Manager (APM)

security

hoolio

Cirrostratus

Jul 08, 2010

Sorry, that would only have worked if you were logging all requests. You could also append a query string parameter with a ' or some other metacharacter that is marked as illegal to trigger a violation.

Aaron

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Attack signature not triggered

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

CPU load when Prometheus is scraping metrics from F5 BIG-IP LTM

Connection Rate Limit with log output

syslog over tcp and define management IP as source

Managing iRules configuration

Recommendation for Adv. Lab

Related Content

November Security Research Update: Newly Released Attack Signatures

Custom Attack Signatures

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

Wildcard Parameter signature attack

Attack Signature False Positive Mode

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS