Forum Discussion

Nimbostratus

Oct 06, 2016

Customizing Attack Signatures

How can I manually alter attack signatures that are attached to a security policy? For example, if a signature is matched, how can we customize that specific signature for our application?

ASM Advanced WAF

security

Erik_Novak

Employee

Oct 06, 2016

Having QA run valid traffic is a great way to start. So the script example might be tricky. ASM is sophisticated enough that the simple presence of your example in some random request might not trigger an attack signature at all. A good plan of action might be to watch those attack signatures which are triggered, and then take a good look at what caused the violation. If script and open/end tags are allowed as input for a form parameter, then you could disable that signature on that parameter, for example. Any policies you create can be exported to another licensed ASM unit or applied to virtual servers. Attack signatures start out in staging, so you should be able to run traffic without affecting traffic.

Forum Discussion

Customizing Attack Signatures

Recent Discussions

Enterprise Security best practices with F5 WAF

Disk space full - what files, folders are safe to delete?

ASM instance creation

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

Related Content

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

Wildcard Parameter signature attack

Live Update- ASM attack signatures

Default Attack Signature Sets

The HTTP/2 CONTINUATION frame attack