Forum Discussion

Nimbostratus

Jan 06, 2010

XML comment triggers an attack signature

Hello, Can anyone tell me why a comment in an XML POST is seen as an attack? The only thing I've found so far is the use of comments to help generating the correct checks...

app sec

BIG-IP Access Policy Manager (APM)

security

hoolio

Cirrostratus

Jan 06, 2010

Hi,

The Comments 2 attack signature is matching on XML/HTML comments as comments could potentially be used to obfuscate attacks. If your app accepts / requires comments in the XML, you'd want to disable this check either for the entire policy, just one object or a single parameter if the XML is passed in a parameter.

If you'd like more details on the logic for including this signature in the attack sigs, you could open a case with F5 Support.

Aaron

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

XML comment triggers an attack signature

Jeff - May 2026 Featured F5er

AppWorld Berlin 2026 – iRules Contest Winning Results

One Quick Step to Make your website AI-Agent/MCP Ready with an iRule

Recent Discussions

migrate from serie I to R. Cluster LTM-GTM

APM URL encoding Hardening?

Trial License for F5 virtual edition in eve-ng

certitcate error

about create wide ip,

Related Content

To Comment or Not to Comment?

Why I could not post a comment

Getting Started with iRules: Logging & Comments

November Security Research Update: Newly Released Attack Signatures

F5 Distributed Cloud AI-Powered WAF: From Signature Tuning to Outcomes

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS