For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

P_Casoria_18761's avatar
P_Casoria_18761
Icon for Nimbostratus rankNimbostratus
Feb 16, 2015

ASM module - efficacy testing

Hello everyone, I've deployed an F5 BIG-IP 2000s with LTM and ASM inside my architecture and I need to test the efficacy of Web Application Firewall (ASM module).   I've deployed "WebGoat" applica...
ASM Advanced WAF
deployment
management
security
gsharri's avatar
gsharri
Icon for Altostratus rankAltostratus
Feb 16, 2015

Check to see which entity (file types, urls, parameters) learning mode is in effect Application Security>Policy Building>Settings: Explicit Entities Learning.

 

If they are set to "Never, wildcard only" then all entity types are allowed by default due to the wildcards on the entities list. ASM will block a request only if it violates file type length limits set on the wildcard (to use file types example).

 

Check blocking settings as Hannes recommended.

 

Ensure relevant attack signatures are assigned to the security policy.