Forum Discussion

Nimbostratus

Feb 21, 2016

F5 ASM attack signature detection

the asm is detecting an sql injection and you can see in the below image when I when to check the detail of the violation, we can see that its a color code that's being rejected. Do you think that's...

Cirrocumulus

Feb 21, 2016

Staged items will not cause a block, so the block is done to the HTTP response code. You can't learn these but you can add them to the policy on the main settings page of the policy. It depends whether you want to allow users to see the 500 error displayed, if not then stay as you are and they'll see an ASM block page instead.

As for allowing the colour item, you can create a global parameter, as found above, and allow the attack signature on this parameter.

The Traffic Learning section should offer to do this policy change for you, rather than manually.

Hope this helps,

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

F5 ASM attack signature detection

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

Wildcard Parameter signature attack

Default Attack Signature Sets

Live Update- ASM attack signatures

Increasing accuracy using Bad Actor and Attacked Destination detection

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS