Forum Discussion

bcarreker's avatar
bcarreker
Icon for Cirrus rankCirrus
Aug 23, 2022

Attack Signature Detected "Type="

Hello,

I have some users that are receiving an F5 error page with a session ID. Looks like the WAF detected a false positive. I've included a screenshot of the violation. Has anyone come across this? I am unable to adjust the policy via Traffic Learning, so is it possible to manually make a change in the policy configuration? 

Also, is it strange that the F5 WAF is blocking traffic from this violation, eventhough "Blocking" isn't listed under the "Applied Blocking Settings" from the report?

3 Replies

  • Hello,

     

    can you share the screenshotsyou are talking about? also, could you please share a screenshot from the policy builiding settings for this policy?

     

    Thanks,

    Mohamed Salah

    • Mohamed_Salah_'s avatar
      Mohamed_Salah_
      Icon for MVP rankMVP

      Hello,

       

      Sorry, didn't notice the attached screenshot. this logs shows that this attack signature wasn't the reason for blocking as only learn and alarm are enabled for this.

      So, please can show us the while request along with the policy building settings.

       

      Thanks,

      Mohamed Salah