Bug ID 1186401: Using REST API to change policy signature settings changes all the signatures.

Last Modified: Apr 28, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
15.1.0,,,,,, 15.1.1, 15.1.2,, 15.1.3,, 15.1.4,, 15.1.5,, 15.1.6,, 15.1.7, 15.1.8,,

Opened: Nov 06, 2022

Severity: 3-Major


When you use iControl REST to modify the signatures associated with a policy, the modifications are applied to all the signatures.


The user was unable to leverage the REST API to make the desired changes to the ASM signature policy.


-- Create a policy named 'test' -- Associate a signature set like "SQL Injection Signatures" to the policy For example, remove the "Generic Detection Signatures (High/Medium Accuracy)" set -- Look at the low-risk signatures associated with the policy Commmand: curl -sku admin:admin 'https://localhost/mgmt/tm/asm/policies/MrLpFzRHNarvj_zuAOD0fw/signatures?$expand=signatureReference&$filter=signature/risk+eq+low' | jq . | head -- Turn off staging for these signatures: Commands: curl -sku admin:admin 'https://localhost/mgmt/tm/asm/policies/MrLpFzRHNarvj_zuAOD0fw/signatures?$expand=signatureReference&$filter=signature/risk+eq+low' -d '{ "performStaging": false }' -X PATCH | jq . | head curl -sku admin:admin 'https://localhost/mgmt/tm/asm/policies/MrLpFzRHNarvj_zuAOD0fw/signatures?$expand=signatureReference&$filter=signature/risk+eq+low' -d '{ "performStaging": true }' -X PATCH | jq . | head -- The "totalItems" shows that 187 signatures were changed


Add 'inPolicy eq true' to the filter Command : curl -sku admin:admin 'https://localhost/mgmt/tm/asm/policies/MrLpFzRHNarvj_zuAOD0fw/signatures?$expand=signatureReference&$filter=signature/risk+eq+low+and+inPolicy+eq+true' -d '{ "performStaging": false }' -X PATCH | jq . | head

Fix Information


Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips