F5 has created a specialized ASM template to simplify the configuration process of Drupal v8 with the new version of BIG-IP v13
Click here to download the latest version XML file that contains the template: Drupal v8 Ready Template v6.x
Goal: Quick Drupal v8 base line policy which set to Blocking from Day-One tuned to Drupal v8 environment.
Ready Template Deployment Steps:
1. Download the latest version of the policy XML file (click on the file --> Raw --> Save As) from the link above
2. Update Attack Signature to the latest version: Click "Security Update" --> "Application Security" --> "Check for Updates" --> "Install Updates"
2. Click "Application Security" --> "Import Policy" --> Select File" and choose the XML file
3. Edit the policy name to the protected application name and click "Import Policy"
4. Attach the policy to the appropriate virtual server
5. Refine learning new records in "Application Security" --> "Policy Building" --> Traffic Learning"
6. Observe no false positive occur by validating event logs: "Event Logs" --> "Application" --> "Request"
The template cover the signature set (“Linux Apache Mysql PHP apps”) that include new Drupal Core Remote Code Execution (CVE-2018-7602) mitigation (Pending attack update to the latest version as shown in deployment steps 2) https://devcentral.f5.com/s/articles/drupal-core-remote-code-execution-cve-2018-7602-31167
Important: If the policy is not working properly, please ensure you are using the latest version. If you have any issues or questions, please send any feedback to my email: firstname.lastname@example.org