How to best address signature tripping and exception list

Question

I am looking for an answer on how to best address signature tripping and exception list; do we disable base signature, create custom signature inheriting from base, adjust it to allow legit traffic but block all else. we have some scanners in the internal network and want to allow only these certain IPs or domains to scan. how would I go about addressing this?

boneyard · Answer

i asume you are talking about ASM here? &nbsp;
the first part i don't quite understand. with ASM you use ASM policies, per policy you can disable certain attack signature you don't want.&nbsp;
those scanners should not be blocked at all? there is the IP exception list for that.&nbsp;
Security  ››  Application Security : IP Addresses : IP Address Exceptions&nbsp;

Forum Discussion

How to best address signature tripping and exception list

1 Reply

Recent Discussions

F5 iRule to replace host to path

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries R2600 Tenant sizing

About AWAF "Redirect URLs" in "Responses and Blocks"

ISP Bandwidth Utilization

Related Content

DevCentral RSA Trip Planning Guide

Support of WAF Signature Staging in F5 Distributed Cloud (XC)

except ip from asm logging

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

User Group Road Trip!