Forum Discussion

Nimbostratus

Sep 02, 2020

I create Attack signature and still in staging although I change it to blocking

Hi I have create attack signature which block the request if it is containing some words. the status of my signature is : Staging: No Learn: Yes Alarm: Yes Block: Yes Enabled: Yes ...

Employee

Sep 03, 2020

Hello Abdulmajeed,

This is possible because of 2 reasons:

1) "Signature Staging: is enabled for all signatures globally - you can check it on "Security ›› Application Security : Policy Building : Learning and Blocking Settings" page under "Attack signatures" or in the list of attack signatures per policy

2) Staging is enabled for appropriate entity. In your case this is URL, on which this signature was detected.

Thanks, Ivan

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

I create Attack signature and still in staging although I change it to blocking

Recent Discussions

Decode ObjectSID from Base64-encode string

iRule - Url rewrite and header replace and pool selection not working

ip x-forwarding

F5 ASM API-Protection Policy

ports are showing open on online scanning tool

Related Content

TLS Fingerprinting JA3 iRule Application: Rate limit and block malicious traffic based on TLS signature

Blocking Spam with Custom Attack Signatures

Support of WAF Signature Staging in F5 Distributed Cloud (XC)

Block IP after a number of ASM Blocks

Block traffic

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS