Forum Discussion
Learning mode testing guide
- Mar 21, 2021
Hello, you can use the ASM trusted IP/source option as mentioned in https://devcentral.f5.com/s/question/0D51T00006i7fVR/asm-policy-how-is-the-trusted-ip-list-treated . This way you add your or the developers' IP address to the trusted IP/source and with just one session the URL and parameters are learned.
I may also suggest having production and pre-production environments; after a change is made on the pre-production environment and learned by using the trusted IP/source, just merge the pre-production policy with the production one, and then the developers can also make the change on the production environment as mentioned in https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-12-1-0/33.html .
A couple of general thoughts on learning entities.
- One should have a staging and a production environment.
- One should learn entities from Trusted IPs (developers, testers or automated tests) to eliminate false positives. Automated tests will usually give the best results.
- One might want to use a Source Control System for the policies.
- One might want to integrate the policy building process into the CI/CD pipeline.
Check out, there are a couple of resources on the subject "Web Application Firewall in a CI/CD Workflow".
And a bit of opinion...
Not every web app needs a policy where each and every entity is learned and locked down airtight.
Have a website serving the menu of the cafeteria as static HTML? No need for the "best policy in the world".
Your intranet or accounting system? This would for sure require a really good policy.
Make a risk analysis of your app landscape and decide which web app requires which level of protection.
If you have Bot Protection, BaDOS, IPI and Threat Campaigns - those will do a good job protecting your average web apps, also Application Ready Templates are OK.
For the really critical web apps, the above-mentioned steps with automated learning and staging policies should be applied.