AFM Learn-Only Signatures Dropping Traffic

Question

I was under the impression initially that if you had these dynamic signatures set to learn-only you weren't going to drop traffic. I have set all of these vectors to enforced and it looks like the event logs show drops so is this in fact enforcing/dropping?&nbsp;
&nbsp;
&nbsp;

nathe · Answer

ipman,&nbsp;
What you are seeing in the logs is right, the Attack Vectors are enforced so AFM is dropping traffic. The Learn Only mode you are seeing is referencing Dynamic Signatures. Here, the AFM is doing Behavioural analysis and creating Dynamic Signatures on the fly, if required. Looking at your logs it's not triggering a Dynamic Signature, rather the default BADACK attack vector. &nbsp;
See &nbsp;
Detecting Dynamic DoS Attacks&nbsp;
Hope this helps,&nbsp;
N&nbsp;

Forum Discussion

AFM Learn-Only Signatures Dropping Traffic

1 Reply

Recent Discussions

Port Group on F5OS network setting

Advise on setting up IRULE

F5 iRule to replace host to path

google-visualization-issues

google autenticator broken barcode

Related Content

Support of WAF Signature Staging in F5 Distributed Cloud (XC)

How do I drop traffic on ASM?

BoT Defense Profile, Signature Enforcement

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

Wildcard Parameter signature attack