For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Ppp2016_241036's avatar
Ppp2016_241036
Icon for Nimbostratus rankNimbostratus
Mar 09, 2016

When to use "Apply Signatures to Responses" in policy building?

I tried to figure out what is the purpose and use cases for "Apply Signatures to Responses" check box in policy building? The interesting part is that this option only in the Manual policy building, ...
ASM Advanced WAF
security
Silverline
nathe's avatar
nathe
Icon for Cirrocumulus rankCirrocumulus
Mar 09, 2016

Ppp2016, usually attack signatures are only applied to http requests i.e. when bad XSS or SQLi attacks might be embedded in malicious requests. The use cases for applying attack signatures to Responses are, in the main, to prevent Information Disclosure i.e. to prevent MS SQL Database errors being returned to the end user. This might inform malicious persons of backend technologies in place i.e. fingerprinting the environment.

 

If you go to Attack Signatures in the GUI i think you can filter on signatures in regards Responses and you should see some sample signatures with more details on this.

 

It's best to create explicit file types and apply response signatures to these entities only, rather than the wildcard.

 

Hope this helps,

 

N