How do you create an Attack Signature exception for one URL in a policy?

Question

There is a SQL Injection signature that is throwing a false positive for one of the URLs in our policy. This is a high threat signature so we still want it to be in blocking, but want one URL to be exempt from it. I know that you can add URLs to the white list, but as far as I know that would white lists all traffic from them, not just one signature. Any suggestions? Thanks!

leonardo_peral1 · Answer

I dont believe you can.&nbsp;
But..Create an explicit parameter and then go to its properties, under Attack Signatures tab move the offending attack signature to the Override box and select Disabled.&nbsp;

boneyard · Answer

if what Leonardo Peralta points out doesn't work because it isn't a parameter related signature then you could run two ASM policies and disable the signature in one of them and assign that one via a local traffic policy or irule for that URI. lots of work and it doesn't scale well.

Forum Discussion

How do you create an Attack Signature exception for one URL in a policy?

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Auditing Security Policy Updates

Minimizing Security Complexity: Managing Distributed WAF Policies

except ip from asm logging

Manage F5 BIG-IP Advanced WAF Policies with Terraform (Part 4 - Policy Lifecycle management)

Manage F5 BIG-IP Advanced WAF Policies with Terraform (Part 2 - Policy Import)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS