Forum Discussion

Nimbostratus

Jan 06, 2010

XML comment triggers an attack signature

Hello, Can anyone tell me why a comment in an XML POST is seen as an attack? The only thing I've found so far is the use of comments to help generating the correct checks...

app sec

BIG-IP Access Policy Manager (APM)

security

hoolio

Cirrostratus

Jan 06, 2010

Hi,

The Comments 2 attack signature is matching on XML/HTML comments as comments could potentially be used to obfuscate attacks. If your app accepts / requires comments in the XML, you'd want to disable this check either for the entire policy, just one object or a single parameter if the XML is passed in a parameter.

If you'd like more details on the logic for including this signature in the attack sigs, you could open a case with F5 Support.

Aaron

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

XML comment triggers an attack signature

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Not seeing the latest F5OS-A when running Journeys

Related Content

To Comment or Not to Comment?

November Security Research Update: Newly Released Attack Signatures

Getting Started with iRules: Logging & Comments

NGINX App Protect v5 Signature Notifications

Trigger js challenge/Captcha for ip reputation/ip intelligence categories

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS