Forum Discussion

Hakam24's avatar
Hakam24
Icon for Nimbostratus rankNimbostratus
Sep 11, 2024

How to accept Application requests at WAF F5

Dear All, I just apply WAF policy. The enforcement mode is blocking. Policy Building learning mode "Manual" Policy Builder Learning Speed "Medium" Other setting is default setting. After ...
event
f5
security
waf
Hakam24's avatar
Hakam24
Icon for Nimbostratus rankNimbostratus

Hi Mohamed,

Thank for the reply.

Btw, I just newbie in WAF, for this link : https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-13-0-0/20.html  i cannot understand all step. I done until step no 6. No 7 just lose not understand anymore.  Try to find Global Security Policy Settings under attack Signatures tab but not found. 

Our version and model below:

Version: 16.1.4.2 Build 0.0.3

Model: BIG-IP i4600

By default we not un-tick the all three learn-alarm-block.  If not select the block, by default the traffic will block?

 

Mohamed_Ahmed_Kansoh's avatar
Mohamed_Ahmed_Kansoh
Icon for MVP rankMVP
Sep 12, 2024

Hi, 

Look in that article from step 7 >> it means if you want to edit in any entity like URLs , Parameters. 
you can select it and add or remove signatures/meta characters. 
Like this: 


For the Question, if you disable ( Learn , alarm , Block ) this allows the request and doesn't block it.

but I recommend to enable this under specific URL or parameter and don't make this change in the whole of the policy this is more secure.
I don't know the url that your client try to access and get blocked, I need further visibility in the request and the violation itself