Forum Discussion
ltwagnon
Mar 12, 2015
Ret. Employee
It sounds like you are headed in the right direction with this. Here's an article I wrote that discusses custom ASM signatures. In my case, I used the "content" rule, but it sounds like you are correct in using the "headercontent" rule for your situation. https://devcentral.f5.com/articles/blocking-spam-with-custom-attack-signatures
I hope this helps!