How do you create an Attack Signature exception for one URL in a policy?

Question

There is a SQL Injection signature that is throwing a false positive for one of the URLs in our policy. This is a high threat signature so we still want it to be in blocking, but want one URL to be exempt from it. I know that you can add URLs to the white list, but as far as I know that would white lists all traffic from them, not just one signature. Any suggestions? Thanks!

leonardo_peral1 · Answer

I dont believe you can.&nbsp;
But..Create an explicit parameter and then go to its properties, under Attack Signatures tab move the offending attack signature to the Override box and select Disabled.&nbsp;

boneyard · Answer

if what Leonardo Peralta points out doesn't work because it isn't a parameter related signature then you could run two ASM policies and disable the signature in one of them and assign that one via a local traffic policy or irule for that URI. lots of work and it doesn't scale well.

Forum Discussion

How do you create an Attack Signature exception for one URL in a policy?

2 Replies

Recent Discussions

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

SMS server with BIGIP

F5 terminal - help to run commands - disk space full

Related Content

Auditing Security Policy Updates

Minimizing Security Complexity: Managing Distributed WAF Policies

Support of WAF Signature Staging in F5 Distributed Cloud (XC)

except ip from asm logging

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures