Customizing Attack Signatures

Question

How can I manually alter attack signatures that are attached to a security policy? For example, if a signature is matched, how can we customize that specific signature for our application?&nbsp;

erik_novak · Answer

Can you clarify what you mean by "customize" the signature for your policy? You cannot edit the attack signatures that ship with the product or that you download from F5. You can edit signatures that you create yourself.

erik_novak · Answer

Having QA run valid traffic is a great way to start. So the script example might be tricky. ASM is sophisticated enough that the simple presence of your example in some random request might not trigger an attack signature at all. A good plan of action might be to watch those attack signatures which are triggered, and then take a good look at what caused the violation. If script and open/end tags are allowed as input for a form parameter, then you could disable that signature on that parameter, for example. Any policies you create can be exported to another licensed ASM unit or applied to virtual servers. Attack signatures start out in staging, so you should be able to run traffic without affecting traffic.

Forum Discussion

Customizing Attack Signatures

2 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

F5 Networks F5CAB1 Exam - Need Help Regarding Prep

Username is not filled in EdgeClient in the Modern customization

The GSLB pool is providing an incorrect IP to end users

iRule causing requests to be duplicated (sometimes)

Cisco TACACS+ Config on ISE LTM Pair

Related Content

Custom Attack Signatures

November Security Research Update: Newly Released Attack Signatures

Blocking Spam with Custom Attack Signatures

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

Wildcard Parameter signature attack

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS