Forum Discussion

Nimbostratus

May 28, 2026

AWAF Detection Inconsistency Between Similar Test Payloads

Hi everyone, I'm testing F5 AWAF against several attack payloads in a lab environment (crAPI). I noticed some inconsistent detection behavior and ...

security

zamroni777

MVP

Jun 11, 2026

incositently usually happens when the tested webserver (the pool member) has been compromized by your earlier attacks, e.g. script injection has been stored in the app's db.

if haven't, also set the Server Technologies config properly according to the tech used by pool member.
this config usually too strong for live use cases and needs to be loosen using learning from legitimate testers.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

AWAF Detection Inconsistency Between Similar Test Payloads

SSO Login Update Coming to DevCentral

Kevin - June 2026 Featured F5er

Tyler - May 2026 Featured Member

Recent Discussions

Clone/export/import API Protection Profile

UCS file migration on differing OS versions

simultaneous disabling / enabling of all LTM objects

F5 VE WAF FINE TUNING

Changes to DO and AS3 GitHub - no longer monitored

Related Content

LLM Prompt Injection Detection & Enforcement

Rethinking Payload Parsing: Native JSON Handling in iRules

WS-Shield: WebSocket Abuse Detection & Adaptive Enforcement Gateway

F5 Distributed Cloud JA4 detection for enhanced performance and detection

Bidirectional Forwarding Detection (BFD) Protocol Cheat Sheet

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS