Bug ID 522040: Individual attack signature can't be disabled on a specific header

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6

Fixed In:
13.0.0

Opened: May 07, 2015

Severity: 3-Major

Symptoms

A specific attack signature is matched on a specific header or a specific allowed cookie. You are unable to disable it only on a specific header/cookie and not on the policy

Impact

Disabling the signature on the policy may miss attacks. Enabling the signature will cause false positives on the occurrence on the header/cookie

Conditions

a specific signature is matched only on a specific header or cookie.

Workaround

N/A

Fix Information

Added the functionality to disable specific attack signature on a specific header or cookie.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips