Wildcard in ASM Rapidpolicy building

Question

Hi,&nbsp;
While moving ASM policy(built using rapid policy builder) from learning to blocking mode we have to keep wildcard elements like parameters, url. or we have to remove wildcard.&nbsp;
While working on ASM rapid policy in my lab i observed request were getting blocked if i remove wildcard. But keeping the wildcard in policy mean any quest legal or illegal that match '*' element properties(lenght, metacharacter) would be allowed.&nbsp;
Thanks,&nbsp;
Sachin&nbsp;

ashwin_venkat_1 · Answer

Hello Sachin,&nbsp;
By removing the wildcard and configuring the policy to include only explicit entities (parameters, URLs and file types), you are configuring what's called a "positive security model", meaning you are only allowing the known entities within your environment.  Anything that's not configured as an explicit entity will result in respective illegal violations.&nbsp;
If you prefer the ASM to not reject all those (some legitimate) traffic that are not configured explicitly, then you will need to have those wildcard entities in place (for URLs, you need to have one for HTTP/HTTPS, depending on whether you've configured your policy to differentiate between the two protocols or not).  This is something we refer to as "negative security model", wherein you allow everything and thereby configure explicit granular configuration for particular known ones from there on in.&nbsp;
As for which model you should go with, that's entirely upto you and your environment needs.  Each one has its own pros/cons.  Let me know if this answers your question.&nbsp;
Ashwin&nbsp;

ashwin_venkat · Answer

Hello Sachin,&nbsp;
By removing the wildcard and configuring the policy to include only explicit entities (parameters, URLs and file types), you are configuring what's called a "positive security model", meaning you are only allowing the known entities within your environment.  Anything that's not configured as an explicit entity will result in respective illegal violations.&nbsp;
If you prefer the ASM to not reject all those (some legitimate) traffic that are not configured explicitly, then you will need to have those wildcard entities in place (for URLs, you need to have one for HTTP/HTTPS, depending on whether you've configured your policy to differentiate between the two protocols or not).  This is something we refer to as "negative security model", wherein you allow everything and thereby configure explicit granular configuration for particular known ones from there on in.&nbsp;
As for which model you should go with, that's entirely upto you and your environment needs.  Each one has its own pros/cons.  Let me know if this answers your question.&nbsp;
Ashwin&nbsp;

sachin_80710 · Answer

Thanks Ashwin,
Now its more clear about how to move Policy with Rapid deployment temp. from learning to blocking.&nbsp;
Thanks,&nbsp;
Sachin&nbsp;

sachin_80710 · Answer

Thanks Ashwin,
Now its more clear about how to move Policy with Rapid deployment temp. from learning to blocking.&nbsp;
Thanks,&nbsp;
Sachin&nbsp;

Forum Discussion

Wildcard in ASM Rapidpolicy building

Recent Discussions

BIG-IP Oauth Client and AS

F5 BOT DEFENSE AWAF blocked some legitimate browsers

Advice to partial rename uri path

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Submenus missing in ASM Security Tab

Related Content

Building a lab using Proxmox

NGINX Virtual Machine Building with cloud-init

Home Lab Server Build Using an Intel NUC and Free VMware ESXi 7

Building an OpenSSL Certificate Authority - Creating Your Root Certificate

Building an OpenSSL Certificate Authority - Creating ECC Certificates

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS