For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Aurel's avatar
Aurel
Icon for Cirrus rankCirrus
Dec 18, 2019

Ignore value versus Apply content signatures

Hello, Facing unknown content blocked by ASM, i would like to compare 2 options to set an exception.   First one : Set the Content-type header and set Request Body Handling with "Apply co...
ASM Advanced WAF
security
Samir's avatar
Samir
Icon for MVP rankMVP
Feb 16, 2020

It depends on type of application hosted on ASM. But ignore value (2nd option) will be better then first one.

Best way go through traffic learning event logs​ and analyze it.

Aurel's avatar
Aurel
Icon for Cirrus rankCirrus
Mar 03, 2020

Hi,

thanks for your comment. But can you elaborate on why "ignore value" would be the best option ?

Trying to count "Parameter based" signatures, i am getting the 1/3 ratio versus all signatures. Meaning that removing them would remove around 1/3 of the attack signatures.

I can't unfortunately identify what is called "Content signatures" to compare any proportion, and mostly to conclude about each security tradeoff more accurate score.