Forum Discussion
How do you create an Attack Signature exception for one URL in a policy?
There is a SQL Injection signature that is throwing a false positive for one of the URLs in our policy. This is a high threat signature so we still want it to be in blocking, but want one URL to be exempt from it. I know that you can add URLs to the white list, but as far as I know that would white lists all traffic from them, not just one signature. Any suggestions? Thanks!
- Leonardo_Peral1Nimbostratus
I dont believe you can.
But..Create an explicit parameter and then go to its properties, under Attack Signatures tab move the offending attack signature to the Override box and select Disabled.
if what Leonardo Peralta points out doesn't work because it isn't a parameter related signature then you could run two ASM policies and disable the signature in one of them and assign that one via a local traffic policy or irule for that URI. lots of work and it doesn't scale well.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com