Forum Discussion

Nimbostratus

Sep 02, 2020

I create Attack signature and still in staging although I change it to blocking

Hi I have create attack signature which block the request if it is containing some words. the status of my signature is : Staging: No Learn: Yes Alarm: Yes Block: Yes Enabled: Yes ...

Employee

Sep 03, 2020

Hello Abdulmajeed,

This is possible because of 2 reasons:

1) "Signature Staging: is enabled for all signatures globally - you can check it on "Security ›› Application Security : Policy Building : Learning and Blocking Settings" page under "Attack signatures" or in the list of attack signatures per policy

2) Staging is enabled for appropriate entity. In your case this is URL, on which this signature was detected.

Thanks, Ivan

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

I create Attack signature and still in staging although I change it to blocking

Recent Discussions

301 redirect and waf policy log problem

Big-IP VE edition for MacBook M4 Chip

ASD

Background Tasks

APM with EntraID as idP / request signed

Related Content

TLS Fingerprinting JA3 iRule Application: Rate limit and block malicious traffic based on TLS signature

Blocking Spam with Custom Attack Signatures

Support of WAF Signature Staging in F5 Distributed Cloud (XC)

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

Block IP after a number of ASM Blocks

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS