Bug ID 481530: Signature reporting details for sensitive data violation

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM (all modules)

Known Affected Versions:
11.6.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
12.0.0, 11.6.1

Opened: Sep 29, 2014

Severity: 3-Major

Related Article: K86019555

Symptoms

ASM blocks some requests that match signatures of the 'XPath Injection' attack type, but the specific violation details are not visible for the affected requests because the signatures match inside sensitive parameters.

Impact

You cannot view or learn about violations in the GUI for signatures that match on sensitive parameters.

Conditions

A request contains sensitive data, and a signature matches inside that sensitive data.

Workaround

Suggestions for how to acquire the signature ID:

1. Attach a custom remote logger that includes the violation details field and the support ID. Note: You can configure only these two.
2. Turn on the ATTACK_SIG logger module for the bd.log and grep for 'Matched SIGID:' messages.
3. Remove the sensitive configuration. Note: This might not work for your environment.

Fix Information

Signature names that are matched inside sensitive data are now shown in the violation details in the Configuration utility.

Behavior Change
