Basic ASM Policy for Attack Signatures Only - apply to multiple VIPS

Question

Hi&nbsp;I am wondering how to best manage ASM policy - most of the VIPS can use a basic policy that only checks for signatures. Now, if one of the VIPS using this policy has a false positive, how can I disable the signature for only that VIP and not for all the VIPS using this policy?&nbsp;Thanks&nbsp;C

samir · Answer

Options 1. Create copy of existing asm policy and customise per requirement. Now assign new asm policy to particular vip.

Options 2. Use iRule and bypass certain signature id but not sure the feasibility.

erik_novak · Answer

You could create a Parent policy with attack signatures configured as optional. Use that parent policy as the basis for new policies. You can then disable the signature causing the FP, or leave it in staging, for that single policy only. The change will not affect the Parent policy or other policies based on the Parent.

chung_yu · Answer

Thanks guys, I have started to use a Parent policy as the base policy and build out the ASM on a per VIP basis.

Great input and thanks for validating some ops procedures for me.

REgards

Chung

Forum Discussion

Basic ASM Policy for Attack Signatures Only - apply to multiple VIPS

Recent Discussions

Application only need to access from 2 uris

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

AS3 Limitations

Unable to install firmware OS and drop at 10%

Statistics ›› Analytics : HTTP : Overview

Related Content

Support of WAF Signature Staging in F5 Distributed Cloud (XC)

Minimizing Security Complexity: Managing Distributed WAF Policies

iControl REST Cookbook - LTM policy (ltm policy)

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

Auditing Security Policy Updates

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS