For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

mkeenan_289714's avatar
mkeenan_289714
Icon for Nimbostratus rankNimbostratus
Oct 06, 2016

Customizing Attack Signatures

How can I manually alter attack signatures that are attached to a security policy? For example, if a signature is matched, how can we customize that specific signature for our application?  
ASM Advanced WAF
security
Erik_Novak's avatar
Erik_Novak
Icon for Employee rankEmployee
Oct 06, 2016

Having QA run valid traffic is a great way to start. So the script example might be tricky. ASM is sophisticated enough that the simple presence of your example in some random request might not trigger an attack signature at all. A good plan of action might be to watch those attack signatures which are triggered, and then take a good look at what caused the violation. If script and open/end tags are allowed as input for a form parameter, then you could disable that signature on that parameter, for example. Any policies you create can be exported to another licensed ASM unit or applied to virtual servers. Attack signatures start out in staging, so you should be able to run traffic without affecting traffic.