For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Jeff_Browning_2's avatar
Jeff_Browning_2
Historic F5 Account
Jul 22, 2008

Welcome to the new Web Application Security Forum

Welcome to the new Web Application Security discussion forum newly consolidated in the Security Groups. We've created this forum as a place to post questions and discuss design, configuration, and cus...
app sec
BIG-IP Access Policy Manager (APM)
security
Mike_Maher's avatar
Mike_Maher
Icon for Nimbostratus rankNimbostratus
Feb 03, 2012
Nik,

 

So I guess that all depends on what you are asking when you say is it ok to do this.

 

 

If you are asking from an F5 configuration standpoint, I agree with Aaron that if you are learning URLs tightening would be your best option using the *.

 

 

However if you are asking from a Security standpoint, my personal opinion on tightening is that I don't do in the production environment, I do 99.9% of tightening and staging (policy building) in a controlled test environment and then copy that policy to production. I have occasionally done some very targeted staging for parameters in production and I do stage new Attack Signatures, but that is about it. Unless you can control who is hitting your site during your tightening period I would restrict it to test environment only. Just my personal opinion.

 

 

Mike