Forum Discussion

Nimbostratus

Jan 06, 2010

XML comment triggers an attack signature

Hello, Can anyone tell me why a comment in an XML POST is seen as an attack? The only thing I've found so far is the use of comments to help generating the correct checks...

Cirrostratus

Jan 06, 2010

Hi,

The Comments 2 attack signature is matching on XML/HTML comments as comments could potentially be used to obfuscate attacks. If your app accepts / requires comments in the XML, you'd want to disable this check either for the entire policy, just one object or a single parameter if the XML is passed in a parameter.

If you'd like more details on the logic for including this signature in the attack sigs, you could open a case with F5 Support.

Aaron

Forum Discussion

XML comment triggers an attack signature

Recent Discussions

Disk space full - what files, folders are safe to delete?

ASM instance creation

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

Related Content

Leveraging Ansible Rulebooks for Streamlined Event Triggers: Advantages and Benefits

Support of WAF Signature Staging in F5 Distributed Cloud (XC)

To Comment or Not to Comment?

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

BoT Defense Profile, Signature Enforcement