WAF Block Request

Question

Hello Everyone&nbsp;I&nbsp; hope Youre well!!!Recently, I had this event logged by the WAF: a request categorized as “Attack signature detected” with a Violation Rating of 4. However, the WAF did NOT block it and is treating it as “Legal.” However, the linked policy is in blocking mode.Does anyone know what this is due to and how to fix it?Thank you in advance.&nbsp;&nbsp;

aswin_mk · Answer

Hello ,
its pointing to for eg:- staging enabled, signature set to “Learn-Alarm”, trusted IP, exception, enforcement readiness period, policy building settings, etc.

joshbecigneul · Answer

Looks like the signature you referenced is still in staging mode. Consider reviewing the documentation around attack signature enforcement options here:
K34235512: Overview of Attack Signature enforcement options (15.1.0 and later)&nbsp; https://my.f5.com/manage/s/article/K34235512

Forum Discussion

WAF Block Request

2 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

SSL Bridging and FQDN rewrite Policy

AS3 declaration to set cookie to preferred

Cisco TACACS+ Config on ISE LTM Pair

Illegal Metacharacter in Parameter Name in Json Data

Checking for X-Forwarded-For against an Address Data-Group

Related Content

The WAF Dilemma

F5 BIG-IP Advanced WAF – "dos profile" reporting

F5 BIG-IP Advanced WAF – DOS profile configuration options.

Introduction of IDS and WAF

Securing MCP Servers with F5 Distributed Cloud WAF

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS