Forum Discussion
CirrostratusF5 ASM | Web Server Probe Signture
Hi
we see in event logs a lot of this attack signature:
Signature ID
200015107
Signature Name
Web Server Probe (Nuclei Scanner)
I searched for this signature to apply Block but can't find it
Where I can find this signature?
any idea how to block it?
Hi,
it's part of the Generic Detection Signatures. Where you can find it depends a bit on your BIG-IP version. In 15 it is in Security ›› Application Security : Security Policies : Policies List ›› YourPolicyName >> Attack Signatures.
Filter by Signature ID there you find it and check its Enforcement status.
Whether it is in Blocking or not, you can see in Security ›› Application Security : Policy Building : Learning and Blocking Settings, open the menu for Attack Signatures and check if Generic Detection Signatures are in Blocking Mode.
KR
1 Reply
- Daniel_Wolf
MVP
Hi,
it's part of the Generic Detection Signatures. Where you can find it depends a bit on your BIG-IP version. In 15 it is in Security ›› Application Security : Security Policies : Policies List ›› YourPolicyName >> Attack Signatures.
Filter by Signature ID there you find it and check its Enforcement status.
Whether it is in Blocking or not, you can see in Security ›› Application Security : Policy Building : Learning and Blocking Settings, open the menu for Attack Signatures and check if Generic Detection Signatures are in Blocking Mode.
KR
