Forum Discussion
Is the update and application of new AWAF attack signatures "Service Affecting"?
- Sep 24, 2023
Hi Wasfi_Bounni,
Yes, it may impact you.
And no, it depends:
- You want to enforce signatures immediately (may impact you and produce false positives).
- You can keep these signatures under learning for a while (Readiness period, "default 7 days").
Open (Security >> Application Security >> Learning and Blocking Settings >> Attack Signatures).
- If you want to enforce it directly:
Open this: make sure (you're selecting enforce updated rule immediately ......).
>>> By doing this, all newly updated signatures will be enforced directly.
- If you want to keep updated signatures in learning for a while and make your decision after checking your learning suggestions:
Modify your configuration like this:
>>> Performing this should put your new signatures in staging, waiting for the (Readiness period to be finished) to be ready to be enforced, and you will work in parallel on learning suggestions (Accept / delete suggestions) based on your analysis of the suggestions collected from request samples.
I hope this helps you 🙂
It depends on what you mean by "service affecting" ... as to your second question, it won't reboot the device and it will also not restart BIG-IP services or such, causing general traffic interruptions.
As Mohamed explains, it might affect your service if a false positive occurs in the new signatures and they are applied in blocking mode. This is always a tricky choice: perhaps some interruption but auto update, or long checking and testing. Your choice in the end.
- Wasfi_Bounni, Sep 25, 2023 (Cirrocumulus)
Thank you Boneyard.