
Basic ASM Policy for Attack Signatures Only - apply to multiple VIPS

Chung_Yu
Nimbostratus

Hi

I am wondering how to best manage ASM policy - most of the VIPS can use a basic policy that only checks for signatures. Now, if one of the VIPS using this policy has a false positive, how can I disable the signature for only that VIP and not for all the VIPS using this policy?

Thanks

C

3 REPLIES

Samir
Nacreous

Option 1. Create a copy of the existing ASM policy and customise it per requirement. Now assign the new ASM policy to the particular VIP.

Option 2. Use an iRule and bypass a certain signature ID, but not sure of the feasibility.

Erik_Novak
F5 Employee

You could create a Parent policy with attack signatures configured as optional. Use that parent policy as the basis for new policies. You can then disable the signature causing the FP, or leave it in staging, for that single policy only. The change will not affect the Parent policy or other policies based on the Parent.

Chung_Yu
Nimbostratus

Thanks guys, I have started to use a Parent policy as the base policy and build out the ASM on a per VIP basis.

Great input and thanks for validating some ops procedures for me.

Regards

Chung