Forum Discussion

THE_BLUE
Mar 21, 2021
Solved

Learning mode testing guide

Is there any guide about how to test the website during learning mode, to make F5 learn all parameters/URLs, etc.?

  • Hello, you can use the ASM trusted IP/source option as mentioned in https://devcentral.f5.com/s/question/0D51T00006i7fVR/asm-policy-how-is-the-trusted-ip-list-treated . This way you add your or the developers' IP address to the trusted IP/source, and with just one session the URLs and parameters are learned.

    I may also suggest having production and pre-production environments. After a change is made on the pre-production environment and learned by using the trusted IP/source, just merge the pre-production policy with the production one, and then the developers can also make the change on the production environment, as mentioned in https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-12-1-0/33.html .

3 Replies

  • A couple of general thoughts on learning entities.

    • One should have a staging and a production environment.
    • One should learn entities from Trusted IPs (developers, testers or automated tests) to eliminate false positives. Automated tests will usually give the best results.
    • One might want to use a Source Control System for the policies.
    • One might want to integrate the policy building process into the CI/CD pipeline.

    Check out, there are a couple of resources on the subject "Web Application Firewall in a CI/CD Workflow".

    And a bit of opinion...

    Not every web app needs a policy where each and every entity is learned and locked down airtight.

    Have a website serving the menu of the cafeteria as static html? No need for the "best policy in the world".

    Your intranet or accounting system? This would for sure require a really good policy.

    Make a risk analysis of your app landscape and decide which web app requires which level of protection.

    If you have Bot Protection, BaDOS, IPI and Threat Campaigns - those will do a good job protecting your average web apps, also Application Ready Templates are OK.

    For the really critical web apps, the above mentioned steps with automated learning and staging policies should be applied.
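
The reply above recommends learning entities from automated tests run from a trusted source. As an added example (not part of the original post and not F5 code), this script checks whether one test run, seen from the trusted source, actually exercised every URL and parameter in the application's inventory, so gaps are found before the policy is merged. The inventory, addresses, log format and function names are all constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qsl

TRUSTED_SOURCES = {"10.0.0.5"}  # constructed: address of the automated test runner

# Constructed inventory of the application: (method, path) -> expected parameters
INVENTORY = {
    ("GET", "/search"): {"q", "page", "sort"},
    ("POST", "/login"): {"user", "pass"},
    ("POST", "/profile"): {"email", "phone"},
}

# Constructed request log of one test run: source, method, URL, optional form body
TEST_RUN_LOG = """\
10.0.0.5 GET /search?q=tea
10.0.0.5 POST /login user=alice&pass=x
192.0.2.44 POST /profile email=a%40example.com&phone=1
10.0.0.5 GET /search?q=tea&page=2
"""

def observed_entities(log, trusted):
    """Collect (method, path) -> parameter names seen in requests from trusted sources."""
    seen = {}
    for line in log.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in trusted:
            continue  # malformed line, or a source that is not on the trusted list
        method, url = fields[1], fields[2]
        body = fields[3] if len(fields) > 3 else ""
        parts = urlsplit(url)
        names = {k for k, _ in parse_qsl(parts.query, keep_blank_values=True)}
        names |= {k for k, _ in parse_qsl(body, keep_blank_values=True)}
        seen.setdefault((method.upper(), parts.path), set()).update(names)
    return seen

def coverage_gaps(inventory, seen):
    """Return inventory entities that the trusted test traffic never exercised."""
    gaps = {}
    for key, params in inventory.items():
        if key not in seen:
            gaps[key] = {"url_missing": True, "params_missing": sorted(params)}
        elif params - seen[key]:
            gaps[key] = {"url_missing": False, "params_missing": sorted(params - seen[key])}
    return gaps

if __name__ == "__main__":
    seen = observed_entities(TEST_RUN_LOG, TRUSTED_SOURCES)
    for (method, path), gap in coverage_gaps(INVENTORY, seen).items():
        print(method, path, gap)
```

In this constructed run the `/profile` request came from an address that is not on the trusted list, so the URL is reported as not covered, and `/search` is reported as missing its `sort` parameter.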

     

  • Dear Daniel Wolf,

    Thank you for your input, highly appreciated.
