Forum Discussion

Haitham_Hadad_3's avatar
Haitham_Hadad_3
Icon for Nimbostratus rankNimbostratus
May 04, 2018

Policy in transparent/blocking with Attack signature enabled/disabled

Hi,   Kindly what is the difference between these scenarios   If I have my policy in Transparent mode and the attack signature isn't enabled and also if enabled ?   And if I have policy in B...
ASM Advanced WAF
BIG-IP
security
mr_shaggy_17493's avatar
mr_shaggy_17493
Icon for Nimbostratus rankNimbostratus
May 04, 2018

Hi Haitham,

 

  • If you put the enforcement mode into Transparent, then ASM will inspect all traffic flowing through BIG-IP without blocking any illegal traffic, but it will give a flag for the illegal traffic on the event log (as long as you enabled the alarm and logging setting). No matter whether you enabled or put the attack signature into staging, illegal traffic won't be block on transparent mode.

  • If you put the enforcement mode into Blocking:

     

    • if the attack signature was put into staging, then ASM will not block any violations which is match to the attack signature, but still giving a flag for the illegal traffic on the event log. The positive security component (Illegal URL, Illegal Parameter, etc.) will still working regardless of the attack signature configuration which is on staging.
    • if the attack signature is not on staging/enabled, then ASM will block any traffic which is match to the attack signature.

Regards,

 

Ahmad

 

Haitham_Hadad_3's avatar
Haitham_Hadad_3
Icon for Nimbostratus rankNimbostratus
May 04, 2018

Thanks Ahmed So in blocking mode, ASM will block all [ as illegal url, parameters ... ] except matched attack signatures till we disable staging mode for these signatures

 

Right ?

 

Thanks Haitham