I create Attack signature and still in staging although I change it to blocking
Hi I have create attack signature which block the request if it is containing some words. the status of my signature is : Staging: No Learn: Yes Alarm: Yes Block: Yes Enabled: Yes What i dont understand is : when i try to access the blocked link i still can access it And when i go to : Security > Event Logs > Application > Requests F5 see it as an attack but in the status of "Applied Blocking Settings" is still Staged? The Enforcement Mode of my policy is : Blocking
APM and sslstrip (man in the middle attack)
recently there was some local attention to the already quite old sslstrip attack, see: https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf has anyone tested that attack against an APM, how well does it work? mitigation would be of course to not implement APM on HTTP / not using a HTTP to HTTPS redirect. but im wondering if it works at all.
High CPU utilization (100%).
I observed high CPU utilization (100%) on F5 device, resource provision ASM nominal. I checked the client-side throughput and server-side throughput both are normal but found management interface throughput is very high and what i noticed this is happening in same time period for last 30 days. What could be the reason for this spike. Many thanks in advanced for your time and consideration.
