Forum Discussion
3 Replies
- Vijith_182946Cirrostratus
Hi, What is your staging period for the attack signature? For each security policy, you can enable or disable staging for attack signatures. Attack signature staging is enabled by default. When the staging feature is enabled, the system places all new signatures in staging for the number of days specified in the staging period. (look for enforcement readiness period). Note the system does not enforce signatures that are in staging,even if there is a violation.
cheers
- natheCirrocumulus
Ppp2016, usually attack signatures are only applied to http requests i.e. when bad XSS or SQLi attacks might be embedded in malicious requests. The use cases for applying attack signatures to Responses are, in the main, to prevent Information Disclosure i.e. to prevent MS SQL Database errors being returned to the end user. This might inform malicious persons of backend technologies in place i.e. fingerprinting the environment.
If you go to Attack Signatures in the GUI i think you can filter on signatures in regards Responses and you should see some sample signatures with more details on this.
It's best to create explicit file types and apply response signatures to these entities only, rather than the wildcard.
Hope this helps,
N
- Mikhail_FedorovHistoric F5 Account
Hi Ppp2016
Response signatures usually used to prevent sensitive information leakage. E.g. database structure may be revealed via publishing DB error message to response. Detailed explanation.
So use it if you want to catch something in response.