Forum Discussion
Is the update and application of new AWAF attack signatures "Service Affecting"?
- Sep 24, 2023
Hi Wasfi_Bounni ,
Yes , it may impcat you.
and not it depends :- you want to enforce signtaures immediately. ( may impact you and produce false positives )
- you can keep these signature under learning for a while ( Readness period "default 7 days" )
Open ( Security >> Application security >> Learning and blocking settinngs >>> Attack signatures )
- If you want to enforce it directley :
open this :Make sure ( you're selecting enforce updated rule immediately ...... ).
>>> by doing this all newly updated signature will be enforced directly.
- If you want to keep updated signature for a while and in learning and after checking your learning suggestion to take your decision :
modify your configuration like this :
>>> performing this shoud put your newly signatures in statging waiting the ( Readness period to be fininshed ) to be ready to be enforced and you will work on parallel on learning suggestions ( Accept / delete suggestions ) based on your analysis in suggestions collected from requests samples.
I hope this helps you 🙂
It depends what you mean with "service affecting" ... as to your second question, it wont reboot the device and it will also not restart BIG-IP services or such causing general traffic interuptions.
as Mohamed explains it might affect your service if a false positive occurs in the new signatures and they are applied in blocking mode. this is always a tricky choice, perhaps some interuption but auto update. or long checking and testing. your choice in the end.
Thank you Boneyard.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com