Setting Attack Signatures - Query

Question

&nbsp;

&nbsp;Hello All/ Aaron,&nbsp;
&nbsp;Had 2 Queries on Attack Signatures-&nbsp;
1) ASM speaks of protecting against a list of attack signatures. Here is a link to document which describes the list (see table 11.1 in this doc)&nbsp;

http://support.f5.com/kb/en-us/prod...ml1044878
&nbsp;

&nbsp;However, Are all of the listed protections mentioned here enabled once we block by going to policy--&gt;blocking screen--&gt;Attack signature(block) or do some of them work only when settings in other screen are appropriately enabled. E.g. for&nbsp;
&nbsp;For DOS protection - do we first goto anomaly detection--&gt;DOS protection and give details 
&nbsp;For Brute Force - do we first goto anomaly detection--&gt; Brute force and give details
&nbsp;For CSRF protection - do first goto anomaly detection--&gt; CSRF protection &nbsp;
&nbsp;2) Regarding CSRF - have defined URL/* wildcard (in anomaly detection screen )but not sure if its doing its job of protecting all URLs under the wildcard as i dont see any learnings. (Note - ASM version is 10.2.2)&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;

nik_67256 · Answer

&nbsp; This has been resolved. BF,CSRF DOS come under anomaly detection and hence are treated seperate. 
&nbsp;  
&nbsp;  
&nbsp; Nik

nik_67256 · Answer

&nbsp; This has been resolved. BF,CSRF DOS come under anomaly detection and hence are treated seperate. 
&nbsp;  
&nbsp;  
&nbsp; Nik

Forum Discussion

Setting Attack Signatures - Query

Recent Discussions

ports are showing open on online scanning tool

Upgrade F5 BIGIP

DNS HM Probe issue

Is XFF a must for ASM WAF DoS

Switch ssl profile based on weak cipher detection via IRULE

Related Content

Default Attack Signature Sets

ASM Attack Signature Sets

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

Wildcard Parameter signature attack

Live Update- ASM attack signatures

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS