Disable Attack Signature on Hostname

Question

I think I already know the answer ( create a separate ASM policy ) but thought I would ask the more knowledgeable people out there.&nbsp;
I have a large amount of sites on my F5 ASM/LTM device so I have tried to group like sites in ASM policies together, this works generally fairly well.&nbsp;
However, I have one site in my catch all policy that is triggering a particular attack signature that I want to disable for that site ( i.e, disable via hostname ). Is there anyway possible to do this ? The attack signature itself is 200001579, formaction(Parameter) so turning it off at the parameter lever ( formaction ) is the same as turning it off globally.&nbsp;
So apart from creating a new policy for just that one site, is there any alternatives ?&nbsp;
F5 version is 11.5.1 HF7.&nbsp;
Dan&nbsp;

max_q_factor · Answer

Have you looked into an ASM iRule? Here is a devcentral question about it https://devcentral.f5.com/questions/disable-specific-asm-attack-signatures-on-specific-url&nbsp;

Forum Discussion

Disable Attack Signature on Hostname

1 Reply

Win Big in Vegas: The iRules Contest is back with $5k on the line at AppWorld 2026

Jürgen - February 2026 Featured Member

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Block specific URL's in APM

Sizing calculation storage

Upgrading vCMP guest

API Pre-Authentication

Pre & Post validation of F5 configuration

Related Content

Disabling signature for a URL

November Security Research Update: Newly Released Attack Signatures

NGINX App Protect v5 Signature Notifications

ASM irule to disable attack signature authorization header with specific value

Custom Attack Signatures

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS