F5 ASM | Web Server Probe Signture

Abed_AL-R · ‎24-Dec-2020

Hi

we see in event logs a lot of this attack signature:

Signature ID
200015107
Signature Name
Web Server Probe (Nuclei Scanner)

I searched for this signature to apply Block but can't find it

Where I can find this signature?

any idea how to block it?

Daniel_Wolf · ‎26-Dec-2020

Hi,

it's part of the Generic Detection Signatures. Where you can find it depends a bit on your BIG-IP version. In 15 it is in Security ›› Application Security : Security Policies : Policies List ›› YourPolicyName >> Attack Signatures.

Filter by Signature ID there you find it and check its Enforcement status.

Whether it is in Blocking or not, you can see in Security ›› Application Security : Policy Building : Learning and Blocking Settings, open the menu for Attack Signatures and check if Generic Detection Signatures are in Blocking Mode.

KR

View solution in original post

Daniel_Wolf · ‎26-Dec-2020

Hi,

it's part of the Generic Detection Signatures. Where you can find it depends a bit on your BIG-IP version. In 15 it is in Security ›› Application Security : Security Policies : Policies List ›› YourPolicyName >> Attack Signatures.

Filter by Signature ID there you find it and check its Enforcement status.

Whether it is in Blocking or not, you can see in Security ›› Application Security : Policy Building : Learning and Blocking Settings, open the menu for Attack Signatures and check if Generic Detection Signatures are in Blocking Mode.

KR

DevCentral

F5 ASM | Web Server Probe Signture

Khoros Kudos Award 2022