F5 ASM – Disabling attack signatures checks

avril 19, 2021

F5 ASM – Disabling attack signatures checks

I’ve deployed a new WAF appliance with F5 ASM recently where I have to secure web applications which have lots of entities such as URLs, parameters and files. These web applications are already running in a production environment, as a result, I’ve deployed a Rapid Deployment Policy in transparent mode to see and know what’s going on. After a week, I can see lots of attacks in the learning process. Most of them are due to a web application used to store files. Employees can upload whatever they want, thus, they upload PDF files as well as .exe files and source code with javascripts. Therefore, the best to reduce potential false-positive alerts is disabling attack signatures checks for the URL where the application is hosted or the parameter used to upload files.

I’ve recorded a video where we can watch how to disable attack signatures checks for URL and parameters. It’s really easy!!

Drop me a line with the first thing you are thinking!

Rechercher dans ce blog

David Romero Trejo

F5 ASM – Disabling attack signatures checks

Commentaires

Enregistrer un commentaire

Articles les plus consultés

Improving SSL VPN performance with DTLS

HSRP, VRRP o GLBP

Checksum

Metodología de redes (FCAPS)

Decrypting DTLS traffic with Wireshark

Two FortiGates in a VRRP domain

DNS Load Balancing

Balanceadores de Carga

Linux Buffer Overflow Example

MLAG vs vPC vs Stacking