Forum Discussion

Nimbostratus

Aug 03, 2016

Attack signature updates.

can anyone confirm best practices for Attack Signature updates? I would like to know if when working with a production environment if it would be safer to implement in the below stated layout as oppo...

MVP

Aug 03, 2016

false positives with (attack) signatures is an issue with any type of device, a WAF like the ASM module or a firewall IPS module. be honest against your customer and explain that some requests might be blocked which were no attacks. if you want security and use attack signatures you will need to accept that.

but you can make the risk smaller as explained by Jinshum, of course putting them trough testing is nicer, but can you test well enough?

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Attack signature updates.

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Live Update- ASM attack signatures

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

Are ASM Attack Signature Updates Cummulative?

Wildcard Parameter signature attack

Is the update and application of new AWAF attack signatures "Service Affecting"?

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS