Forum Discussion

sandy16's avatar
sandy16
Icon for Altostratus rankAltostratus
May 04, 2015

ASM Real Traffic policy builder "tighten" settings

Hi experts, we have a security policy build using the automatic policy builder. Currently it is showing 47% complete. I was checking if it has any learning suggestions so far, so i went to Ploicy building > Status (automatic) > details. IF i expand the details under each category, lets say the 1st one - HTTP Protocol Compliance, it gives me a list of violations under it and then there`s a "enable" button. when i scroll my mouse on it. it says "accept the tighten rule". I am wondering what this means? Is it to enforce all these settings?

 

under all these violations, it states that the loosen: N/A and Tighten: Rule Satisfied.

 

I am on version 11.5.1 HF3.

 

thnx

 

  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus

    Tighten simply means adding an explicit entry. In an example where you've got a wildcard fine type. You can tighten the policy by adding explicit file types, .CSS .HTML .txt etc. and then remove the wildcard. The policy is now tightened.

     

    N

     

  • thanks Nathan, So does enable\tighten mean accept the violation? Something similar under manual traffic learning?

     

  • I'm not sure about that... This is True for File Types and Parameters, but for HTTP Compliance, and Evasion Techniques detected for example this Enable the settings in the "Blocking Settings" Section. Enabling those settings mean, start blocking non compliant HTTP Requests as soon as you ar in Blocking Mode.