help -best option about parameter learning!!

Question

hello I have a question regarding the learning of the parameters, which would be the best method to use in an implementation never, always, selective, I think that by discarding never is not the best option, my doubt is whether to use always or selective, if I use I will always learn all the parameters that you send in the requests, it is recommended that you learn all the parameters by strain, I understand that if I know how well the policy could eliminate the willcard? , or use select since you only learn the parameters that exceed the willcard, how to define the properties of the willcard so as not to suffer an overflow attack?

yoann_le_corvi1 · Answer

Hi&nbsp;The short answer is (unfortunately) : it depends ! :)&nbsp;It depends how strict you want to be on the policy, and how much time you have available for the job.&nbsp;Always : once policy is stabilized, wildcard is removed any parameter not in the list will be blocked.Selective : wilcard remains, paramters are allowed, but if you have to relax a setting (e.g. disable an attack signature) this will be applied only to the relevant parameter and not to all of themNever : wildcard remain, and if you relax a setting  (e.g. disable an attack signature) this will be applied to the wildcard, i.e. all parameters.&nbsp;So no real "rule" unfortunately.&nbsp;Hope this helps in the reflexion ?&nbsp;Yoann

Forum Discussion

help -best option about parameter learning!!

1 Reply

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

Community Learning Path: Multi-Cloud Networking

F5 Distributed Cloud - Customer Edge Site - Deployment & Routing Options

Kubernetes architecture options with F5 Distributed Cloud Services

F5 BIG-IP deployment with OpenShift - platform and networking options

Cisco ACI Endpoint Learning with a BIG-IP HA Failover