Forum Discussion
hooleylist
Jan 06, 2010Cirrostratus
Hi,
The Comments 2 attack signature is matching on XML/HTML comments as comments could potentially be used to obfuscate attacks. If your app accepts / requires comments in the XML, you'd want to disable this check either for the entire policy, just one object or a single parameter if the XML is passed in a parameter.
If you'd like more details on the logic for including this signature in the attack sigs, you could open a case with F5 Support.
Aaron