Forum Discussion
Mike_Maher
Feb 17, 2011 (Nimbostratus)
ASM Policy Blocking
So I am currently trying to determine what is best blocked at the ASM and what to allow to pass to the application security layer. I realize that some of the blocks at ASM are subjective to what type of application you are protecting and what technologies are deployed within the application. Obviously I would not need to turn on any XML checks if there is no XML in the application. So I guess what I am looking for is: does anyone have any opinion on what checks we should enable no matter what? My thoughts were the following, and I wanted to see if anyone had anything to add or a process they use to handle this. By the way, I am running 10.2.
All the RFC-Violations
CSRF Attack Detected
Illegal File Type
Illegal Method
Illegal URL
Illegal Meta-Character in the URL
Failed to convert character
Web Scraping Detected
ASM Cookie Hijacking
Modified ASM Cookie
Attack Signature Detected
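To make concrete what the first few checks in that list actually reject, here is a small Python validator added as an illustration. It is not F5's code and not how ASM implements these violations: the violation names mirror the list above, but the per-application allowlists (methods, file types, URL prefixes), the meta-character set, the URL length bound and the sample requests are all assumed, constructed values, and the treatment of an undecodable percent-escape as a "Failed to convert character" is this example's own analogy.

```python
"""Baseline request checks named after the ASM violations listed in the post.

Added illustration, not F5 ASM code: the matching logic here (allowlists,
meta-character set, size bound) is constructed and far simpler than ASM's.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import unquote, urlsplit

# Per-application allowlists a policy author would tune (assumed sample values).
ALLOWED_METHODS = {"GET", "POST", "HEAD"}
ALLOWED_FILE_TYPES = {"", "html", "css", "js", "png", "jpg", "ico", "json"}
ALLOWED_URL_EXACT = {"/", "/login"}
ALLOWED_URL_PREFIXES = ("/app/", "/static/")
# Characters a URL path has little legitimate reason to carry (assumed set).
URL_META_CHARS = set("<>'\"`;|\\\x00")
MAX_URL_LENGTH = 2048


@dataclass
class Request:
    method: str
    url: str
    headers: dict = field(default_factory=dict)


def file_type(path: str) -> str:
    """Extension of the last path segment, lower-cased ('' when there is none)."""
    last = path.rsplit("/", 1)[-1]
    return last.rsplit(".", 1)[-1].lower() if "." in last else ""


def check_request(req: Request) -> list[str]:
    """Return the baseline violations a request triggers (empty list = clean)."""
    violations = []

    # RFC-style sanity: method token shape, origin-form URL, bounded length, Host present.
    if not re.fullmatch(r"[A-Z]+", req.method):
        violations.append("RFC violation: malformed method token")
    if not req.url.startswith("/") or len(req.url) > MAX_URL_LENGTH:
        violations.append("RFC violation: malformed request URL")
    if "host" not in {k.lower() for k in req.headers}:
        violations.append("RFC violation: missing Host header")

    if req.method not in ALLOWED_METHODS:
        violations.append("Illegal Method")

    raw_path = urlsplit(req.url).path
    try:
        # Strict decoding: an invalid UTF-8 byte sequence such as %FF is rejected
        # rather than silently replaced; this example's analogue of a conversion failure.
        path = unquote(raw_path, errors="strict")
    except UnicodeDecodeError:
        violations.append("Failed to convert character")
        return violations  # nothing sensible to compare once decoding failed

    if path not in ALLOWED_URL_EXACT and not path.startswith(ALLOWED_URL_PREFIXES):
        violations.append("Illegal URL")
    if file_type(path) not in ALLOWED_FILE_TYPES:
        violations.append("Illegal File Type")
    if any(c in URL_META_CHARS for c in path):
        violations.append("Illegal Meta-Character in the URL")

    return violations


# Constructed sample requests (hostname and paths are made up for the example).
SAMPLE_REQUESTS = {
    "clean": Request("GET", "/app/report.json?id=7", {"Host": "example.test"}),
    "bad_method": Request("TRACE", "/app/", {"Host": "example.test"}),
    "script_ext": Request("GET", "/app/upload.php", {"Host": "example.test"}),
    "meta_chars": Request("GET", "/app/%3Ctag%3E", {"Host": "example.test"}),
    "bad_encoding": Request("GET", "/app/%FF", {"Host": "example.test"}),
    "no_host": Request("GET", "/unknown/path", {}),
}


def scan_samples() -> dict[str, list[str]]:
    """Run every constructed sample through the checks; name -> violations."""
    return {name: check_request(req) for name, req in SAMPLE_REQUESTS.items()}


if __name__ == "__main__":
    for name, found in scan_samples().items():
        print(f"{name:13s} -> {found or 'clean'}")
```

The point of the allowlist shape is the one the post is circling: method, file type and URL checks are only as good as the per-application lists behind them, while the RFC-style and character-conversion checks depend on nothing about the application and are the ones that can stay on everywhere.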
- hooleylist (Cirrostratus): Hi Mike,
- Festus_50639 (Nimbostratus): Hoolio,
- hooleylist (Cirrostratus): Hi Festus,
- Mike_Maher (Nimbostratus): Aaron,
- hooleylist (Cirrostratus): I'd be leery of depending solely on application side validation. It's great if the application does validation, particularly in the framework. But there is always a chance of misconfiguration or errant use of the framework within the application. If the app owners swear up and down they're doing proper validation, I'd still do a pen test to check it before disabling those checks in ASM.
- Mike_Maher (Nimbostratus): Yes, I actually completely agree with you; I would prefer to keep it in my hands and do it at the ASM. Unfortunately, as I am sure you know, Security is not always the people that get to make decisions about Security :). If we do hand it off, we do plan on testing the controls a few times a year, with repercussions if we find anyone violating the standard. Not perfect, I know, but nothing ever is.