Forum Discussion

Mark_22062

Nimbostratus

Aug 26, 2013

Custom Signature in ASM

I am trying to create a custom signature that detects a number of Nuisance URLs that are being thrown at our site, but am having a few issues with the syntax of the rule. I've read through the ASM s...

Cirrostratus

Aug 28, 2013

Got this to work. I tested the signature on a VS that only had explicit allowed URLs. When throwing some nonsense URLs at the VS it came up as signature detected.

So on a hunch I removed the explicit learning wildcard URL from the actual VS and it now detects the signature. ASM automatically re-added the wildcard learning URL to the policy but it is still detecting the nuisance URLs.

This signature worked:

uricontent:"http"; nocase; objonly;

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Custom Signature in ASM

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

ASM Custom Signatures, oh my!

F5 AWAF/ASM Bot protection custom signature does not allow the traffic

Customized Bot Signature not working

Live Update- ASM attack signatures

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS