Forum Discussion

TayF5un
Jan 10, 2017

ASM attack signature false positive

Hi,

 

I have 2 applications; one of them runs on F5-ASM, which is AA, and the other one does not, which is BB.

 

BB tries to connect to AA for some data, but ASM blocked it and I could not see any support ID. When I uncheck the attack signature everything is OK. Any idea? Can I uncheck the signature for a specific source host?

 

  • Is your policy configured via manual learning? Check the attack detection on Security ›› Application Security ›› Policy Building ›› Manual Traffic Learning, if the violation is detected.

     

    How did you find that ASM is blocking this request? If you have a response page, include <%TS.request.ID()%> so that it can display the support ID.

     

    Also, it is possible to bypass the ASM for a specific IP address if you would like to.

     

    -Jinshu