Forum Discussion

Mark_22062

Nimbostratus

Aug 25, 2013

Custom Signature in ASM

I am trying to create a custom signature that detects a number of Nuisance URLs that are being thrown at our site, but am having a few issues with the syntax of the rule. I've read through the ASM s...

Cirrostratus

Aug 27, 2013

Got this to work. I tested the signature on a VS that only had explicit allowed URLs. When throwing some nonsense URLs at the VS it came up as signature detected.

So on a hunch I removed the explicit learning wildcard URL from the actual VS and it now detects the signature. ASM automatically re-added the wildcard learning URL to the policy but it is still detecting the nuisance URLs.

This signature worked:

uricontent:"http"; nocase; objonly;

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Custom Signature in ASM

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

How to configure ssh access by key on F5OS

F5 BIG-IP DNS/Audit Logs — Structured Format for SIEM Ingestion

Bot Defense causing a lot of false positives

Recommendation for Adv. Lab

iRules for recreation: HTTP Protocol Parser implemented using BIG-IP iRule(unfinished)

Related Content

Custom Attack Signatures

ASM Custom Signatures, oh my!

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

Customized Bot Signature not working

November Security Research Update: Newly Released Attack Signatures

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS