For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

danielpenna's avatar
danielpenna
Icon for Cirrus rankCirrus
Nov 21, 2014

Turning off a single Attack Signature for a specific URL and Parameter

Hi All, I am running 11.2.1 code ( yes, a little old ) and have two particular Attack SQLi attack signatures that are firing on false positives ( SQL-INJ 1,1,1 and SQL-INJ "select 0x") and the same V...
ASM Advanced WAF
management
security
nathe's avatar
nathe
Icon for Cirrocumulus rankCirrocumulus
Nov 21, 2014
  1. Can I turn off a single signature for a particular URL but leave all other signatures still active ?

Answer - I don't believe you can. One way would be to have a different security policy for this URL and have the attack signature disabled globally. Might be over-complicating matters but nothing else springs to mind.

 

  1. Can I turn off a single signature for a particular parameter but leave all other signatures still active ?

Answer - absolutely. Create an explicit parameter and then go to its properties, under Attack Signatures tab move the offending attack signature to the Override box and select Disabled.

 

Hope this helps,

 

N