F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

gh0st_325958's avatar
gh0st_325958
Icon for Nimbostratus rankNimbostratus
Jan 04, 2018

Block all high/medium severity rules

Dear All,   I use F5-ASM, and it learning from my traffic now, but as I saw it catch only low severty rules.   Has any options in F5-ASM to set all high/medium severity rules to block state wit...
ASM Advanced WAF
BIG-IP
devops
security
Jad_Tabbara__J1's avatar
Jad_Tabbara__J1
Icon for Cirrostratus rankCirrostratus
Jan 04, 2018

Hello,

 

Not sure if we are talking about same thing, but in ASM you have both "Attack Signatures" and "Violations". If the problem is with the "Attack Signatures" then you can modify your ASM policy to trig only on following "Attack Signatures" categories :

 

Signature Set Name :

 

  • High Accuracy Signatures

     

  • Medium Accuracy Signatures

     

To do this you have to go to "Security ›› Application Security : Policy Building : Learning and Blocking Settings" under "Attack Signatures" click on the "Change" button and replace the existing by above categories.

 

Regards