14-Sep-2022 04:57
i have an issue where this attack signature is blocking logins to my application with any emai address starting with parent.xxxxx@gmail.com or any other domain. I have tried the below suggestion to disable this specific attack signature however issue still persists:
Disabling Attack signatures for Parameters (BIG-IP 11.5.0 and later)
Note: In BIG-IP 11.x through 13.x, clear the Check attack signatures on this parameter check box.
Note: When this option is disabled, the BIG-IP ASM system does not check signatures on inbound or outbound transactions for with this parameter.
Note: If you click Enabled for State, the BIG-IP ASM system checks the attack signature for the parameter.
any suggestions how to resolve this is welcome
08-Oct-2022 02:05 - edited 08-Oct-2022 02:06
Hello,
Have you generated ASM/Advanced WAF report to see that the signature is detected under the explicit parameter you created? It could be a bug or the signature being detected under the URL so maybe you will need to whitelist it there.
You can check the link below:
Also maybe search for bugs in ihealth or bug tracker with words like "signature parameter":
https://support.f5.com/csp/bug-tracker