Forum Discussion
Hakam24
Nimbostratus
NimbostratusHow to accept Application requests at WAF F5
Dear All, I just apply WAF policy. The enforcement mode is blocking. Policy Building learning mode "Manual" Policy Builder Learning Speed "Medium" Other setting is default setting. After ...
Hi,
Check First if your application uses JSON you need to configure JSON Content profile , to let AWAF to parse JSON Requests correctly , please have a look in this article to know how to configure JSON Content profile: https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-13-0-0/20.html
Also Have a look in this article : https://clouddocs.f5.com/products/waf-declarative-policy/violation.html >> search for JSON Parser attack.
Here you're the Violation under Content profile settings:
Hakam24Hi Mohamed,
Thank for the reply.
Btw, I just newbie in WAF, for this link : https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-13-0-0/20.html i cannot understand all step. I done until step no 6. No 7 just lose not understand anymore. Try to find Global Security Policy Settings under attack Signatures tab but not found.
Our version and model below:Version: 16.1.4.2 Build 0.0.3
Model: BIG-IP i4600
By default we not un-tick the all three learn-alarm-block. If not select the block, by default the traffic will block?Hi,
Look in that article from step 7 >> it means if you want to edit in any entity like URLs , Parameters.
you can select it and add or remove signatures/meta characters.
Like this:
For the Question, if you disable ( Learn , alarm , Block ) this allows the request and doesn't block it.but I recommend to enable this under specific URL or parameter and don't make this change in the whole of the policy this is more secure.
I don't know the url that your client try to access and get blocked, I need further visibility in the request and the violation itself