For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Mister_C's avatar
Mister_C
Icon for Nimbostratus rankNimbostratus
Sep 09, 2015

Disable an attack signature

I'm in need of a solution that will allow me to disable specific attack signature (200003031) per WAF policy without impacting the remaining WAF policies that utilize attack signature: 200003031.   ...
ASM Advanced WAF
management
security
nathe's avatar
nathe
Icon for Cirrocumulus rankCirrocumulus
Sep 09, 2015

Mister C,

 

If, within the GUI you can disable Attack Signatures from the policy itself, and this won't affect other policies that have the signature in its database. Open your policy and go to Application Security - Attack Signatures - Attack Signatures list. Search for the signature and click on it. Uncheck the Enabled box. Apply Policy.

 

On a seperate note, an Attack signature being triggered is different from other violations, say ASM cookie highjacking. Both violation types have their own Learn, alarm and blocking settings.

 

Hope this helps,

 

N