BIGIP OWA ASM Policy Template Questions

Question

I created the ASM policy with OWA exchange template on v13.1.1.2

These templates are marketed as ready to block but all the parameters are set to lengths of 10, even the parameters like username.

They are creating immediate false positives.

So I now will have to put it on transparent and set learning.

Any suggestions with these template? What would work best? Auto learn or manual?

youssef1 · Answer

Hi David,&nbsp;the good alternative is to switch to transparent mode the time to learn as you done.from my point of view I prefer to set policy in Manual learn this allows me to have a total mastery especially if the service is exposed on the internet (if you have the opportunity to learn that based on internal user you could put your policy automatically).&nbsp;I also advise you to finetunnig your configuration, let's take the example of parameter lengths, &nbsp;I removed them (parameter or URI). for me it is not convincing...&nbsp;another point we must not forget to configure the policy (Learning and Blocking Settings) to selective (For URL and Parameter). If you allow an exception (false positif), it will not be applied to all the site but only to your URL or related parameters.&nbsp;&nbsp;&nbsp;Regards&nbsp;&nbsp;

david_m · Answer

But I’m surprised that this policy is not ready to block because I was assuming these templates are tested by built by f5 in a test environment with ideal settings and then to find out the username parameter is set to 10 . Haha .

Even their YouTube videos suggest these can be directly set to blocking.

youssef1 · Answer

Hi,&nbsp;I fully understand your point of view.But I think F5 does its best to provide a generic template. Some users use for example use a  trigram to connect and in this case it could have worked without problem.But in any case when you have an ASM policy you will have to customize it (parameter, URL length, ...).&nbsp;let me know if you need more assistance.&nbsp;regards

david_m · Answer

Well I set it to transparent with manual learning.

And added some trusted subnets so it should be okay.

Forum Discussion

BIGIP OWA ASM Policy Template Questions

4 Replies

Welcome! a la Communidad DevCentral LATAM de F5!

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

Recent Discussions

SSH forward proxy

Replacing i2800 pair with new F5-BIG-AFM-r2800

F5 CIS -> NGINX Plus Ingress Controller Integration

Can I use F5 Big-IP WAF as HoneyPot

Entra ID F5 APM MDM Intune integration compliance check

Related Content

Secure Your Epic Applications in a Flash with F5 FAST Templates & Declarative AWAF Policies

APM Advanced Customization Examples with Modern Template, v15.1+

External Monitor Information and Templates

Legacy ASM Templates

Policy Puppetry, Jumping the Line, and Camels

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS