Bug ID 872849: Signatures in the Web Application Security event logs might not show correct applied blocking masks

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IQ Web App Security (ASM)(all modules)

Fixed In:
7.1.0.1

Opened: Jan 27, 2020

Severity: 3-Major

Symptoms

Violation details of Attack Signature Detected, for a Web Application Security policy, report Applied Blocking Masks that are inconsistent with information reported on the host BIG-IP device.

Impact

The Applied Blocking Masks found in the Web Application Security event logs display the incorrect blocking masks for the signature violation of a Web Application Security policy.

Conditions

1. Generate a Web Application Security signature violation 2. Select the events and view the Application Blocking Masks in the violation details in the Web Application Security Event Logs (Monitoring > EVENTS > Web Application Security > Event Logs > Events). 3. View the Applied Blocking Settings violation details on the host BIG-IP device.

Workaround

None

Fix Information

Detected signatures in the Attack Signature Detected violation now show the correct blocking masks in the BIG-IQ Web Application Security event logs.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips