Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

I create Attack signature and still in staging although I change it to blocking

Abdulmajeed
Nimbostratus
Nimbostratus

‎01-Sep-2020 22:56

Hi

 

I have create attack signature which block the request if it is containing some words.

 

the status of my signature is :

 

Staging: No

Learn: Yes

Alarm: Yes

Block: Yes

Enabled: Yes

 

What i dont understand is :

 

when i try to access the blocked link i still can access it

And when i go to : Security > Event Logs > Application > Requests

F5 see it as an attack but in the status of "Applied Blocking Settings" is still Staged?

 

0691T000009iEyKQAU.png

 

The Enforcement Mode of my policy is : Blocking

 

 

Labels:
0 Kudos
1 REPLY 1

Ivan_Chernenkii
F5 Employee
F5 Employee

‎03-Sep-2020 11:33

Hello Abdulmajeed,

 

This is possible because of 2 reasons:

1) "Signature Staging: is enabled for all signatures globally - you can check it on "Security ›› Application Security : Policy Building : Learning and Blocking Settings" page under "Attack signatures" or in the list of attack signatures per policy

2) Staging is enabled for appropriate entity. In your case this is URL, on which this signature was detected.

 

Thanks, Ivan

0 Kudos
Copyright © 2023 Khoros, LLC