I created an attack signature and it is still in staging although I changed it to blocking
Hi, I have created an attack signature which blocks the request if it contains some words. The status of my signature is: Staging: No, Learn: Yes, Alarm: Yes, Block: Yes, Enabled: Yes. What I don't understand is: when I try to access the blocked link, I can still access it. And when I go to Security > Event Logs > Application > Requests, F5 sees it as an attack, but the status of "Applied Blocking Settings" is still Staged? The Enforcement Mode of my policy is: Blocking

APM and sslstrip (man in the middle attack)
Recently there was some local attention to the already quite old sslstrip attack, see: https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf Has anyone tested that attack against an APM, and how well does it work? Mitigation would of course be to not implement APM on HTTP / not use an HTTP to HTTPS redirect. But I'm wondering if it works at all.