Forum Discussion
ASM settings within SharePoint 2013 template
Hey,
I'm at the beginning of my ASM career and need your help to understand something.
To publish a SharePoint installation, I've created the LTM and ASM settings with the newest iApp template. At the moment the virtual IP is only available in the internal LAN. The connection works well. What I did not understand is that within the ASM settings, for example in the section "allowed URL", the wildcard "*" is available. This is also the case for file types, parameters and the other ASM settings. In my opinion this means that every URL/URI is OK for the ASM system, but why are there then also some explicit entries for URLs? For me the rule is configured to accept each URL, parameter, file type and so on.
Regards seilemor
4 Replies
- Hannes_Rapp
Nimbostratus
Are there more explicit entries for Allowed URLs such as /_layouts/*? Most likely, the template author has listed all valid SP2013 URLs as explicit entries, and ultimately configured a more strict policy. My guess is that despite using the template, you probably configured your policy so that no wildcard tightening is performed on URLs; as a result, this wildcard entry was appended to the explicitly allowed URLs entries. As you've guessed correctly, this wildcard entry is now superseding all the explicit entries, and any Allowed URLs besides the wildcard are eligible for removal.
- seilemor_131269
Altostratus
Hey Hannes,
there are entries, for example, like "/_layouts/.aspx", "/_layouts/inc/.png" or "/sitepages/". In summary there are 86 URLs.
What do you think I should do in this case!? Delete the wildcard from the categories!?
As additional info: within the settings of "policy building", the option "Never (wildcard only)" is selected for each category. Is this the reason for the wildcard? For some weeks I've played around a little bit with these settings. Depending on the selected option within the settings of policy building, the wildcard has been added or not.
- Hannes_Rapp
Nimbostratus
As additional info: within the settings of "policy building", the option "Never (wildcard only)" is selected for each category. Is this the reason for the wildcard? - Yes, that's why you have the wildcard entry on top of explicit entries. What should you do? I think in your case, there's no reason to go with the wildcard setting (permit all URLs) since someone has done a lot of work to map out all the legitimate URLs for this particular application. Try it out for a week, and if the mapped URLs cover everything as expected, go with the strict setup where only a specific set of URLs is allowed. As you mentioned, you're just starting out with ASM. I would recommend having a look at the ASM management article series by John Wagnon (2-3 hours read): https://devcentral.f5.com/articles/the-big-ip-application-security-manager-part-10-event-logging Good luck!
- seilemor_131269
Altostratus
Ok - thank you very much for your help. I'll delete the wildcard entries and will take the time to read the article. While googling around this topic I already found this article :)
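An added example, not part of the thread and not F5 tooling: before removing the "*" entry, request paths seen during the trial week can be replayed against the explicit Allowed URLs to list those that only the wildcard permits. It assumes shell-style glob matching as a simplified stand-in for ASM's own matching; apart from "/_layouts/*", every pattern and path below is constructed sample data.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# "/_layouts/*" is the entry quoted in the thread; the rest is constructed.
ALLOWED_URLS = ["/_layouts/*", "/sitepages/*", "/_vti_bin/*.asmx", "*"]

# Constructed request URIs standing in for a week of observed traffic.
SAMPLE_REQUESTS = [
    "/_layouts/15/start.aspx",
    "/sitepages/home.aspx?web=1",
    "/_vti_bin/lists.asmx",
    "/_api/web/lists",
    "/favicon.ico",
]


def audit_wildcard(entries, requests):
    """Return (covered, wildcard_only).

    covered maps each path to the first explicit entry that matches it;
    wildcard_only lists paths that no explicit entry matches, i.e. the
    requests that would be flagged once the catch-all "*" is removed.
    """
    explicit = [e for e in entries if e != "*"]  # ignore the catch-all
    covered, wildcard_only = {}, []
    for raw in requests:
        path = urlsplit(raw).path  # match on the path, not the query string
        hit = next((e for e in explicit if fnmatchcase(path, e)), None)
        if hit is None:
            wildcard_only.append(path)
        else:
            covered[path] = hit
    return covered, wildcard_only


if __name__ == "__main__":
    covered, wildcard_only = audit_wildcard(ALLOWED_URLS, SAMPLE_REQUESTS)
    for path, entry in covered.items():
        print(f"covered        {path}  (by {entry})")
    for path in wildcard_only:
        print(f"wildcard only  {path}")
```

Paths reported as "wildcard only" are the ones to review: either add an explicit entry for them or accept that the strict policy will flag them.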