Forum Discussion

Nimbostratus

Jun 14, 2013

Enforce Attack Signature in ASM

Hi out there I have a problem which might be pretty simple - and probably caused by insufficent knowledge of the system - but - I have a couple of F5's where I have had a security policy running...

config

design

ltwagnon

Ret. Employee

Mar 25, 2014

If you select "Disable on parameters" or even "Disable" then you will be disabling the attack signature for either that specific parameter or the entire security policy. So, if you want to enforce the attack signatures, then you should not select the "Disable" option. Also, don't forget that you need to make sure the Blocking Settings are configured to "block" on the "Attack Signature Detected" setting. You can check all the Blocking Settings by going to Security >> Application Security >> Blocking >> Settings. One last thing...the attack signatures cannot be in Signature Staging if you want them to block. Even if you check the "block" option, they won't block if they are in Staging mode.

Forum Discussion

Enforce Attack Signature in ASM

Recent Discussions

F5 Distributed cloud Account

Issues with F5 appliance black holeing traffic

Need help on i-rule to specific uri path

BD Key Failed and F5 stucked Offline state after update

APM to Forward requests for one public URL for remote clients

Related Content

BoT Defense Profile, Signature Enforcement

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

Wildcard Parameter signature attack

Automate ASM "Ready to Be Enforced" Attack Signatures

The HTTP/2 CONTINUATION frame attack