For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Ppp2016_241036's avatar
Ppp2016_241036
Icon for Nimbostratus rankNimbostratus
Dec 28, 2015

ASM policy building with automatic versus manual suggestions

I am ASM newbie. I am testing out the ASM policy building between creating a policy automatically versus manually. I read https://devcentral.f5.com/articles/the-big-ip-application-security-manager-pa...
ASM Advanced WAF
security
waf
Erik_Novak's avatar
Erik_Novak
Icon for Employee rankEmployee
Dec 30, 2015

The recommendation is to only use those attack signatures that are relevant to your OS/DB/environment. So if you've got Linux/PHP/MySQL, there's no need to use OWA attack signatures. Having said that, it's not uncommon for admins to select all of the signatures because they don't know what they're trying to protect. ASM is remarkably efficient, but there is a penalty for forcing it track strings indicating that a signature has been hit. When you ran the Deployment Wizard, you arrived at the Attack Signature configuration screen about midway through. That's where you first assign attack signatures to your policy. The generic attack signature set (keeps away script kiddies and common SQL or cross-site scripting patterns) is applied to all policies by default.