Last Modified: May 29, 2024
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2
Fixed In:
17.1.1, 16.1.4, 15.1.9
Opened: Nov 06, 2022 Severity: 3-Major
When you use iControl REST to modify the signatures associated with a policy, the modifications are applied to all the signatures.
The user was unable to leverage the REST API to make the desired changes to the ASM signature policy.
-- Create a policy named 'test' -- Associate a signature set like "SQL Injection Signatures" to the policy For example, remove the "Generic Detection Signatures (High/Medium Accuracy)" set -- Look at the low-risk signatures associated with the policy Commmand: curl -sku admin:admin 'https://localhost/mgmt/tm/asm/policies/MrLpFzRHNarvj_zuAOD0fw/signatures?$expand=signatureReference&$filter=signature/risk+eq+low' | jq . | head -- Turn off staging for these signatures: Commands: curl -sku admin:admin 'https://localhost/mgmt/tm/asm/policies/MrLpFzRHNarvj_zuAOD0fw/signatures?$expand=signatureReference&$filter=signature/risk+eq+low' -d '{ "performStaging": false }' -X PATCH | jq . | head curl -sku admin:admin 'https://localhost/mgmt/tm/asm/policies/MrLpFzRHNarvj_zuAOD0fw/signatures?$expand=signatureReference&$filter=signature/risk+eq+low' -d '{ "performStaging": true }' -X PATCH | jq . | head -- The "totalItems" shows that 187 signatures were changed
Add 'inPolicy eq true' to the filter Command : curl -sku admin:admin 'https://localhost/mgmt/tm/asm/policies/MrLpFzRHNarvj_zuAOD0fw/signatures?$expand=signatureReference&$filter=signature/risk+eq+low+and+inPolicy+eq+true' -d '{ "performStaging": false }' -X PATCH | jq . | head
None