Forum Discussion
CirrusUser Input Validation
Hi All
Let's say there's a registration form. I'm wondering if F5 has a feature to validate user input for every field. I'm used to FortiWeb, where you can specify data type, character length, and other parameters for each field to validate and restrict input. Does F5 offer a similar feature? If yes, could you provide a step-by-step guide?
Thanks in Advance
- Nikoolayy1
MVP
In F5 AWAF/ASM this simply is called parameters as F5 AWAF is smart enough to work with parameters no matter if they are in the POST Body or GET query 😉
I really suggest taking the F5 customer facing training for AWAF as F5 AWAF is complex system. Step by step guides are not very usefull as every app and network environment are different. Also F5 sales/solutions engineers make demos and answer questions and I suggest making use of this option when contacting F5. F5 also has automatic or manual policy learning for parameters, urls , signatures and much more so there are a lot of moving parts that need careful consideration for implementing the security policy and each implementation differs based on the the specific web app and networking environment around the F5 device!
Outside of that you can see:
Guide introduction and contents | BIG-IP ASM operations guide
BIG-IP Application Security Manager: Getting Started
Succeeding with application security
Using the 'Auto detect' option for a parameter to reduce false positive violations
BIG-IP AWAF Demo 10 - Use Parameter Enforcement with F5 BIG-IP Adv WAF (formerly ASM)
BIG-IP AWAF Demo 12 - Enforce Global Settings for Parameters with F5 BIG-IP Adv WAF (formerly ASM)
BIG-IP AWAF Demo 15 - Use Different Parameter Types with F5 BIG-IP Adv WAF (formerly ASM)
- Nikoolayy1
If you just need to add parameters witout any F5 knowedge see Adding Entities to a Security Policy
