Forum Discussion

Nimbostratus

Sep 01, 2020

I create Attack signature and still in staging although I change it to blocking

Hi I have create attack signature which block the request if it is containing some words. the status of my signature is : Staging: No Learn: Yes Alarm: Yes Block: Yes Enabled: Yes ...

Employee

Sep 03, 2020

Hello Abdulmajeed,

This is possible because of 2 reasons:

1) "Signature Staging: is enabled for all signatures globally - you can check it on "Security ›› Application Security : Policy Building : Learning and Blocking Settings" page under "Attack signatures" or in the list of attack signatures per policy

2) Staging is enabled for appropriate entity. In your case this is URL, on which this signature was detected.

Thanks, Ivan

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

I create Attack signature and still in staging although I change it to blocking

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

How to configure ssh access by key on F5OS

F5 BIG-IP DNS/Audit Logs — Structured Format for SIEM Ingestion

Bot Defense causing a lot of false positives

Recommendation for Adv. Lab

iRules for recreation: HTTP Protocol Parser implemented using BIG-IP iRule(unfinished)

Related Content

Logging/Blocking possible prompt injection

November Security Research Update: Newly Released Attack Signatures

NGINX App Protect v5 Signature Notifications

Blocking Spam with Custom Attack Signatures

TLS Fingerprinting JA3 iRule Application: Rate limit and block malicious traffic based on TLS signature

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS