For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

mwitt_65218's avatar
mwitt_65218
Icon for Nimbostratus rankNimbostratus
May 26, 2009

1) F5 creating Global parameter when I have already Object parameter 2) Illegal Request and Object Lengths

Greetings,     I had created the parameter called username and made it an object parameter with Object Path HTTPS and /https://secure.stinson.com/bds/Loginsubmit.do. I allowed the Meta Cha...
app sec
BIG-IP Access Policy Manager (APM)
security
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
May 26, 2009
I think auto-accept will create a global parameter, but to be honest I'm not sure. If there was some indication as to what the automated tools were going to do before it was done and confirmation of what was done afterwards (and possibly even an option to undo them) I might be willing to use them. As it is, I think it's far better to use the Manual Policy Building tool (Traffic Learning) and actual manual changes. This ensures that you know what changes are being made to the policy.

 

 

I'm pretty sure there is an open Request For Enhancement on this. You could open a case with F5 Support and ask them to find it and add your case to the request.

 

 

Typically, I'd suggest creating a global parameter for any exception you want to make to the global charsets and/or attack signatures. This way you can leave the global rules tight and create a more specific relaxation when required.

 

 

Aaron