Attack signatures are rules or patterns that identify attack sequences or classes of attacks on a web application and its components. Attack signatures can apply to both requests and responses. F5 releases a new attack signature updates on a regular basis. An attack signature update includes new attack signatures as well as enhancements to existing attack signatures. Attack signature updates are cumulative; each update provides the latest signatures and all signatures from the previous updates. Updating the attack signatures also provides any revisions to existing attack signatures.
The table below lists the attack signatures used with the App Firewall. This list is updated regularly with both new signatures and updates to old signatures, if required.
For signature changelog, click here
The Signature ID column shows the unique ID for the signature, and can be used where a signature id is required in the Portal or through the API. The other columns give various information about the attack signature.
To find a particular signature or a group of signatures, enter a search string into the Search Filter bbelow and press the Enter/Return key or click the Filter Signatures button. For example, entering “vbscript” will reduce the table to only those entries that reference “vbscript”, and is a quick way to see only Visual Basic Script related attack types. Similarly, if you’re looking for signature id 200101375, you can simply enter “1375” (part of the id) to quickly find the attack signature. Note that this is a large table, so response time will vary depending on your system.