Forum Discussion
Moinul_Rony
Altostratus
AltostratusF5 is not blocking Cross Site Script attack
Hi, This is a general question for F5 11.2.0 version software around where we go about enabling the Cross Site scripting. Is this being done via the CSRF Protection mechanism. Are we able to enable i...
mrshaggy_169440
Nimbostratus
NimbostratusDear All,
I had the same problem like question above. My websites still enable to be attack using XSS, especially using alert() parameter.
For information:
-My security policy has been blocking
-My attack signature staging has been disabled
-My alert() signature also has been enable
-I got some propose parameter policy from Manual Traffic Learning that associate with XSS attack. I already accept it, an parameter has been add to the Security > App Security > Parameter, and no staging for this parameter.
-OS version 11.3.0
-Attack signature v10.2.0, last update 18-01-2011
I know that my attack signature has been very-very old and need to be update, but XSS is a common attack so i think this signature should can be able to block the attack. Anybody can help me about this problem? Does it because the old attack signature? And is there any concern that I had to know if I want to update my signature, in case my signature has been very long time not updated?
Thanks before for the help
Shaggy