Forum Discussion

THE_BLUE

Cirrostratus

Mar 21, 2021

Learning mode testing guide

is there any guide about how to test the website during learning mode? to make F5 learn all parameters/urls and etc.

Nikoolayy1
Mar 21, 2021
Hello, You can use the ASM trusted IP/source option as mentioned in https://devcentral.f5.com/s/question/0D51T00006i7fVR/asm-policy-how-is-the-trusted-ip-list-treated . This way you add your or the developers IP address to the trusted ip/source and with just one session the URL and parametars are learned.

I may also suggest to have a production and pre-production environments and after a change is made on the preproduction environment and learned by using the trusted IP/source then just merge the preproduction policy with the production one and then the developers can also make the change on the production environment as mentioned in https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-12-1-0/33.html .

Daniel_Wolf

MVP

Mar 21, 2021

A couple of general thoughts on learning entities.

One should have a staging and a production environment.
One should learn entities from Trusted IPs (developers, testers or automated tests) to eliminate false positives. Automated tests will usually give the best results.
One might want use a Source Control System for the policies.
One might want to integrate the policy building process into the CI/CD pipeline.

Check out, there are a couple of resources on the subject "Web Application Firewall in a CI/CD Workflow".

And a bit of opinion...

Not every web app needs a policy where each and every entity is learned and locked down airtight.

Have a website serving the menu of the cafeteria as static html? No need for the "best policy in the world".

Your intranet or accounting system? This would for sure require a really good policy.

Make a risk analysis of your app landscape and decide which web app requires which level of protection.

If you have Bot Protection, BaDOS, IPI and Threat Campaigns - those will do a good job protecting your average web apps, also Application Ready Templates are OK.

For the really critical web apps, the above mentioned steps with automated learning and staging policies should be applied.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Learning mode testing guide

Recent Discussions

NAT for specific IPs

VIP needed for many UDP ports

remove ssh after gtm_add/bigip_add/big3d_add ?

What will be happen to live and existing connections when failover HA BIG IP active-standby

Creating Policy using Terraform

Related Content

iRules Style Guide

Where are F5's archived deployment guides?

BIG-IP Next Installation Guides

Community Learning Path: Multi-Cloud Networking

VIPTest: Rapid Application Testing for F5 Environments

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS