Forum Discussion

Nimbostratus

Sep 02, 2020

I create Attack signature and still in staging although I change it to blocking

Hi I have create attack signature which block the request if it is containing some words. the status of my signature is : Staging: No Learn: Yes Alarm: Yes Block: Yes Enabled: Yes ...

Employee

Sep 03, 2020

Hello Abdulmajeed,

This is possible because of 2 reasons:

1) "Signature Staging: is enabled for all signatures globally - you can check it on "Security ›› Application Security : Policy Building : Learning and Blocking Settings" page under "Attack signatures" or in the list of attack signatures per policy

2) Staging is enabled for appropriate entity. In your case this is URL, on which this signature was detected.

Thanks, Ivan

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

I create Attack signature and still in staging although I change it to blocking

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

HA Failover between two Datacenters

LTM issue Openning new web browser tab

F5 asm/awaf

AST Configuration Assistance

Identify which virtual servers are using a specific SSL certificate

Related Content

NGINX App Protect v5 Signature Notifications

Blocking Spam with Custom Attack Signatures

TLS Fingerprinting JA3 iRule Application: Rate limit and block malicious traffic based on TLS signature

Custom Attack Signatures

Disabling signature for a URL

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS