Content type hearder charset=UTF-8
Hello friends, We have a requirement to have WAF should only allow charset=UTF-8 in the Content-Type header. So curios does this cover by any rule in ASM policy or do we have to create a custom rule through iRule or other ? Basically our objective to accept only ute-8 and reject rest of any. Appreciate any inputs !!
ASM - Parent policy vs OWASPcompliance
Hi folks, I am implementing a WAF in my company and I would like to work with parent and child policies. This way, if we need to add something in general, I can apply it to the parent policy and it will replicate this change to the child policies, instead of going one by one and applying it individually. However, I found out that "Parent and Child Security Policies are not supported by the OWASP Top 10 compliance dashboard." So, I would like to know what the best approach is. Is it worth going ahead with the parent and child policies and ignore the OWASP compliance dashboard? Or, in terms of security, is it better to create a normal ASM policy without parent or child relationships?
F5 ASM Response logging show different timezone from Request logging
Dear All Respected Members, I have a question on f5 AWAF response logging. I am setting up a WAF policy to block attacks and monitor all traffic to and from the real servers. I can see the logs generated for both request & response, but it shown incorrect log timezone for responses. BIG-IP, real server and client are set local time zone GMT+7, but the repone logs are GMT. I have double checked timezone on all devices are configure correctly. Could you advise me what is the root cause and how to fix it? Thanks.
What triggers "analytics gui-widget added to config"
Hi; I was looking around at a number of things in the GUI - mainly around network firewall, firewall rules lists and VLAN stuff. Was looking at many other things at the time so not sure what triggered the generation of the "analytics gui-widget added to config" config change. I certainly didn't do anything I would have considered as "configuration" or that I would expect would cause a configuration change. This led to the active device becoming out of "configuration sync" with the standby device, with the yellow sync required message. When looked at the bigip.conf file difference between the two, the only difference I can see is the "analytics gui-widget added to config" entry on the big.conf file of the active device, which also shows in the audit log file at /var/log/audit against my administrator username. What actually triggers this? Kindly Wasfi
How to lift the connection limit for a given IP address ?
help me --------------------- when CLIENT_ACCEPTED { if {[IP::addr [IP::client_addr] equals 10.3.125.142 ] } { TCP::limxmit disable log local0. "#######limit disable action " } } ---------------------------- This script doesn't work, is there another way?Specify the address mismatch connection restriction function, if implemented.
Specify the address mismatch connection restriction function, if implemented. --------------------- when CLIENT_ACCEPTED { if {[IP::addr [IP::client_addr] equals 10.3.125.142 ] } { TCP::limxmit disable log local0. "#######limit disable action " } } ---------------------------- This script doesn't work, is there another way?Need to add multiple scanner IP to ASM policy
Hello Team, In our environment we have onboarded 40+ application on F5 ASM WAF and for all application we have created individual security policy but now there is one requirement, we need to whitelist multiple Scanner IP from ASM policy, so if i will add each IP manually then it will be very time consuming task. So if i create parent policy and add all IP in IP exception so can it will work if i add all security policy as child policy ? is there any Impact because we have performed multiple changes in security policy as per application requirement and we do not want to touch those changes. Sunil
UCS files appear randomly in my Big-IP.
Hello, I've set up a scheduled backups from Big-IQ, but I've observed the following behavior: When Big-IQ fails to generate the backup, I find backups on my big-ip (in System > Archives) . Is this normal behavior? Typically, Big-IQ should generate backups of Big-IP devices locally, or should they also be generated on the Big-IP device itself? Thanks in advance.
Big-IQ 8.3.0 Backup Schedules not showing correct settings.
I have had a backup schedule set up on my Big-IQ to run daily, archive copies to a remote server, and retain local copies for 3 days. We upgraded the Big-IQ to 8.3.0 a few months ago and saw under "Backup Files" that backups were successful so we didn't look at our Backup Schedule. Today we looked at the backup schedule and saw that the local retention policy was set to delete after 1 day, the start time is set to 0:0 instead of our 2:0 time, and Archive was unchecked. We tried to adjust these settings but after saving and closing the schedule when we went back to the schedule it still showed those default type settings. However our backup files show the correct retention, time, and archive settings. Further testing showed that any changes we made to our schedule/new schedules made, were being implemented on the backup files correctly but the backup schedule always shows the wrong default settings. It seems the only info it correctly keeps is Name, Description, Private Keys, Encryption, and Devices. Is this a known issue for version 8.3.0?
