I have create attack signature which block the request if it is containing some words.
the status of my signature is :
What i dont understand is :
when i try to access the blocked link i still can access it
And when i go to : Security > Event Logs > Application > Requests
F5 see it as an attack but in the status of "Applied Blocking Settings" is still Staged?
The Enforcement Mode of my policy is : Blocking
This is possible because of 2 reasons:
1) "Signature Staging: is enabled for all signatures globally - you can check it on "Security ›› Application Security : Policy Building : Learning and Blocking Settings" page under "Attack signatures" or in the list of attack signatures per policy
2) Staging is enabled for appropriate entity. In your case this is URL, on which this signature was detected.