Bug ID 504232: Attack signatures are not blocked after signature/set change

Last Modified: Nov 07, 2022

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3

Fixed In:
12.0.0, 11.6.0 HF4

Opened: Feb 02, 2015

Severity: 2-Critical


System wide signature updates, like Attack Signature Update, can cause some security policies to erroneously change their enforcement of attack signatures to Transparent mode.


A security policy will not block attack signatures that are meant to be blocked.


There are security policies in both Transparent and Blocking mode, and there is an update to the system's attack signatures.


Toggle the transparent/enforce flag on a security policy, and apply the security policy.

Fix Information

We fixed an issue that caused false positives or a lack of enforcement (such as not blocking) when attack signatures were updated or modified.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips