Forum Discussion

Nimbostratus

Nov 02, 2017

SQL Injection signature set on policy - odd behavior

I have noticed an odd behavior for a policy I created in 12.1.2 ASM. The policy was created manually through the deployment wizard with the following settings utf-8 no template selected, no case...

ASM Advanced WAF

security

Simon_Blakely

Employee

Nov 03, 2017

It looks to me like the primary request is not detected and blocked.

The page renders HTML, but all subsequent linked requests for CSS and Images include the referrer - which does trigger the signatures and is blocked.

Turn on logging for all requests - you should see what is happening with the first request.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

SQL Injection signature set on policy - odd behavior

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Big-IP LTM integration with Big-IP DNS in Azure

Cannot ping external interface

HA Failover between two Datacenters

What does session_id = 0 means in ASM session tracking?

Extend capacity of the blade on Velos

Related Content

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

WAF evasion techniques for Command Injection

Serverside SNI injection iRule

Mitigating OWASP Web Application Risk: Injection exploits using F5 BIG-IP

NGINX App Protect v5 Signature Notifications

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS