For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Rise_77519's avatar
Rise_77519
Icon for Nimbostratus rankNimbostratus
Jul 22, 2014

explicit entities learning

Hi, Can anybody briefly explain differentiate against Never (wildcard only), Selective, Add All Entities.I only understand add all entities that it adds entities that match a wildcard. but not exactly understand wildcard only and selective function.

 

thanks,

 

design

8 Replies

  • Arnaud_Lemaire's avatar
    Arnaud_Lemaire
    Icon for Employee rankEmployee
    Jul 22, 2014

    Hello Rise,

     

    According to the configuration you have (and the doc) : - if policy builder is activated, the entity will be added if attributes differ from the * (length, characters ...) - if policy builder is not running, you will find the new entity in learning suggestion tab.

     

    Doc Link

     

  • Vitaliy_Savrans's avatar
    Vitaliy_Savrans
    Icon for Nacreous rankNacreous
    Jul 22, 2014

    Hi,

     

    for example:

     

    Violation is occur for http://abc.com/test/test_page!!!.html (! -is dissalowed meta character).

     

    When wildcard only: if you apply learning solution "!" will be allowed for all urls.

     

    When selective function: "!" will be allowed for particular url

     

  • Rise_77519's avatar
    Rise_77519
    Icon for Nimbostratus rankNimbostratus
    Aug 04, 2014

    Hi Guys, Thanks for the responses.

     

    Vitaly , I could not understand exactly why "!" will be allowed even though it is disallowed character when selection function activated. And when all entities activated on the policy then "!" will be allowed ? Thanks again!!

     

    • Vitaliy_Savrans's avatar
      Vitaliy_Savrans
      Icon for Nacreous rankNacreous
      Aug 04, 2014
      It will be allowed in case if you accept learning suggestion with allow parameter
  • Rise_77519's avatar
    Rise_77519
    Icon for Nimbostratus rankNimbostratus
    Aug 06, 2014

    Ok thanks Vitaliy.

     

    I created a automatic policy but not sure it is starting to block the client traffic.it will block the traffic by consider the enforcement readiness period time that i leave it default value or it consider requests and sessions values in accepted as legitimate and stabilize( tighten ).

     

    Rise,

     

    • Vitaliy_Savrans's avatar
      Vitaliy_Savrans
      Icon for Nacreous rankNacreous
      Aug 06, 2014
      Policy will block traffic if following criterias are met : - policy is in block mode; - policy entrie is enforced or not in staging mode;
  • Rise_77519's avatar
    Rise_77519
    Icon for Nimbostratus rankNimbostratus
    Aug 25, 2014

    hi Vitaly, I indicated that when i created the policy with the add all entities then i see all urls file types and parameters that added to the security policy. But when i created the policy with the selective mode then some parameters and files type are added to the policy. what is the rule that the asm adds entities to security policy for selective - add all entities? Thanks a lot.

     

  • Rise_77519's avatar
    Rise_77519
    Icon for Nimbostratus rankNimbostratus
    Aug 26, 2014

    Hi, when i selected the selective mode for the URL in the policy setting I can only see the below wildcard entities that added in my security but while the add all entities selected i can see all url that added in my policy. why asm add the wildcard entities while in selected mode?

    [HTTPS] *   No  Selective   N/A N/A
[HTTPS] *.[Gg][Ii][Ff]  No  Never (wildcard only)   N/A N/A
[HTTPS] *.[Ii][Cc][Oo]  No  Never (wildcard only)   N/A N/A
[HTTPS] *.[Jj][Pp][Gg]  No  Never (wildcard only)   N/A N/A
[HTTPS] *.[Pp][Nn][Gg]  No  Never (wildcard only)   N/A N/A
[HTTPS] *.[Ss][Ww][Ff]  No  Never (wildcard only)   N/A N/A