F5 Public Cloud Solutions > 7. Protecting Cloud Native Applications > 7.3. BIG-IP ASM Configuration Source | Edit on
7.3.5. Checking Signatures Protection¶
Click “Send your Feedback”
Open developer tools by right clicking anywhere in the webpage, then select Inspect
Select the Network tab
Open the File XSS.txt that is in your Desktop on the Windows Jump Host. Paste the attack in the form. Click Create.
<a href="#" onclick="for(var i in localStorage) { alert(localStorage.key(i) + ' = /n' + localStorage[i]) }">Click Here Pleaaaaaase!</a>
You should ‘ve received a pop-up error to fetch. That is because the request was blocked.
Click on the last “note” entry on developer tools. You should see the request payload with the content you submitted.
Click the “Response” tab on the right. You will see ASM Block Page encoded in JSON:
Go to “Security > Event Logs > Application > Requests”
Select the Blocked request. Look how nice it is to test using the Cloud. You can see that ASM shows the Country the request came from:
Verify why ASM blocked this request.
Click “Attack signature detected” to see the signatures matching the content you sent.