Forum Discussion

yosry92_331999's avatar
yosry92_331999
Icon for Nimbostratus rankNimbostratus
Jan 01, 2018

What is the maximum count of entities can asm policy have?

What is the maximum count of entities can asm policy have? is there a limit or it's unlimited?

 

ASM Advanced WAF
security
  • Hannes_Rapp_162's avatar
    Hannes_Rapp_162
    Jan 03, 2018

    ...version 12.1.2 i mean url entites

    This is undocumented so I had to test. Used VIM to create a ton of dummy 

    Allowed URLs
    , and imported ASM policy as XML. No problems encountered at 5312 (when I stopped my tests). In practice, it's highly unlikely anything less than 8192 is the limit. Regardless of the exact number, this is more than enough. You never define more than around 100 Allowed URLs per policy. Even at 50 URLs it makes sense to use some wildcards. After 100, it makes sense to turn the tables and go with a negative security model (you define what is NOT allowed)

    For reference, my test Screenshot

  • Hannes_Rapp's avatar
    Hannes_Rapp
    Icon for Nimbostratus rankNimbostratus
    Jan 02, 2018

    This is different across entities, and also different across BigIP ASM software versions. What version and what entity in particular?

     

  • Hannes_Rapp_162's avatar
    Hannes_Rapp_162
    Icon for Nacreous rankNacreous
    Jan 03, 2018

    ...version 12.1.2 i mean url entites

    This is undocumented so I had to test. Used VIM to create a ton of dummy 

    Allowed URLs
    , and imported ASM policy as XML. No problems encountered at 5312 (when I stopped my tests). In practice, it's highly unlikely anything less than 8192 is the limit. Regardless of the exact number, this is more than enough. You never define more than around 100 Allowed URLs per policy. Even at 50 URLs it makes sense to use some wildcards. After 100, it makes sense to turn the tables and go with a negative security model (you define what is NOT allowed)

    For reference, my test Screenshot

  • Hannes_Rapp's avatar
    Hannes_Rapp
    Icon for Nimbostratus rankNimbostratus
    Jan 03, 2018

    ...version 12.1.2 i mean url entites

    This is undocumented so I had to test. Used VIM to create a ton of dummy 

    Allowed URLs
    , and imported ASM policy as XML. No problems encountered at 5312 (when I stopped my tests). In practice, it's highly unlikely anything less than 8192 is the limit. Regardless of the exact number, this is more than enough. You never define more than around 100 Allowed URLs per policy. Even at 50 URLs it makes sense to use some wildcards. After 100, it makes sense to turn the tables and go with a negative security model (you define what is NOT allowed)

    For reference, my test Screenshot