Forum Discussion
mwitt_65218
Nimbostratus
NimbostratusAny suggestions for beginner?
Gregarious greetings,
I am a junior programmer. My employer has purchased BIG-IP 9.4.5 Build 1086.1 Hotfix HF2.
Others here have installed the F5 ASM. Already there are...
mwitt_65218Nimbostratus
NimbostratusHowdy Ben,
Thanks very much for your reply. Late last Friday afternoon, Justin from F5 Tech Support called me as I had opened a Case Number/Ticket.
Justin kindly helped me. I found out that our Admin needs to go to Virtual Servers in the Local Traffic section, click the server for the 443 port, click Resources tab, go to HTTP Class Profiles, click Manage, and then bring in the Application Security class with the Left Arrow. I only have been given Policy Editor Admin rights. The port 80 was fine already.
I also learned that I do not need to create an Object for a web page's control. I create a user-input parameter and name it exactly like the name of the user control. I can View Source in the Browser on a web page and find the name of the control. I have an Object for the web page.
He explained that when adding the user-input parameter, I only need to bring to the left with the Left Arrow any Meta Character that I wish to allow. All Meta Characters are disallowed by default. I only bring in (bring to the left with the Left Arrow) any Attack Signature that I want to disallow. This area is only for overriding the global settings.
If I want to disallow an Attack Sig, I bring it in by using the Left Arrow. If I want to allow a Meta Character, I bring it to the left with the Left Arrow.
I should use Policy Building - Manual to look at the logs because I can click there a log and be launched into a policy building wizard so to speak. In the Reports section, I can only click a log to Accept.
I need to go to Policy - Blocking tab at top - Settings to check the checkboxes for everything to be sure that Learn and Alarm have check marks.
The LEARN puts the log into Policy Builder. The ALARM puts the log into the Reports. The BLOCK truly blocks the users. So I must go there and check all of the Learn and Alarm checkboxes.
Anyway, this week I'll try to do this stuff and I hope to start getting logs and be able to play around with it and learn more about using F5.
I have not received any training and just have the 416-page User Manual. Maybe I can convince my employer to send me to pay for some training (either Online Remote training or one of those 4-day classes that I would attend in another city).
Thanks again very much for your reply, Ben!
mwitt
