Bug ID 522433: ASM REST: Added Missing Fields for Attack Signatures' Scope

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
12.0.0

Opened: May 10, 2015

Severity: 3-Major

Symptoms

There is no way to know to which scopes a signature applies, since the signature scope is missing from the REST state.

Impact

REST Clients (such as BIG-IQ) cannot filter Signatures by which context they apply to in order to limit which signatures are relevant to different entity types for overrides.

Conditions

ASM REST is used to view Attack Signatures.

Workaround

No programmatic workaround exists.

Fix Information

The following boolean fields have been added to the attack signature object in ASM REST, and correspond to the scope (Apply To) in the GUI. { "matchesWithinCookie": false, "matchesWithinGwt": false, "matchesWithinHeader": false, "matchesWithinJson": false, "matchesWithinParameter": false, "matchesWithinRequest": false, "matchesWithinResponse": false, "matchesWithinUri": false, "matchesWithinXml": false, }

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips