Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Learning mode testing guide

Go to solution
THE_BLUE
Cirrus
Cirrus

‎21-Mar-2021 01:56

is there any guide about how to test the website during learning mode? to make F5 learn all parameters/urls and etc.

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
Nikoolayy1
MVP
MVP

‎21-Mar-2021 04:23

Hello, You can use the ASM trusted IP/source option as mentioned in https://devcentral.f5.com/s/question/0D51T00006i7fVR/asm-policy-how-is-the-trusted-ip-list-treated . This way you add your or the developers IP address to the trusted ip/source and with just one session the URL and parametars are learned.

 

 

I may also suggest to have a production and pre-production environments and after a change is made on the preproduction environment and learned by using the trusted IP/source then just merge the preproduction policy with the production one and then the developers can also make the change on the production environment as mentioned in https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-12-1-0/33.html .

View solution in original post

0 Kudos
3 REPLIES 3

Go to solution
Nikoolayy1
MVP
MVP

‎21-Mar-2021 04:23

Hello, You can use the ASM trusted IP/source option as mentioned in https://devcentral.f5.com/s/question/0D51T00006i7fVR/asm-policy-how-is-the-trusted-ip-list-treated . This way you add your or the developers IP address to the trusted ip/source and with just one session the URL and parametars are learned.

 

 

I may also suggest to have a production and pre-production environments and after a change is made on the preproduction environment and learned by using the trusted IP/source then just merge the preproduction policy with the production one and then the developers can also make the change on the production environment as mentioned in https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-12-1-0/33.html .

0 Kudos

Go to solution
Daniel_Wolf
Nacreous
Nacreous

‎21-Mar-2021 10:44

A couple of general thoughts on learning entities.

 

  • One should have a staging and a production environment.
  • One should learn entities from Trusted IPs (developers, testers or automated tests) to eliminate false positives. Automated tests will usually give the best results.
  • One might want use a Source Control System for the policies.
  • One might want to integrate the policy building process into the CI/CD pipeline.

Check out, there are a couple of resources on the subject "Web Application Firewall in a CI/CD Workflow".

 

And a bit of opinion...

Not every web app needs a policy where each and every entity is learned and locked down airtight.

Have a website serving the menu of the cafeteria as static html? No need for the "best policy in the world".

Your intranet or accounting system? This would for sure require a really good policy.

Make a risk analysis of your app landscape and decide which web app requires which level of protection.

If you have Bot Protection, BaDOS, IPI and Threat Campaigns - those will do a good job protecting your average web apps, also Application Ready Templates are OK.

For the really critical web apps, the above mentioned steps with automated learning and staging policies should be applied.

 

Go to solution
THE_BLUE
Cirrus
Cirrus

‎21-Mar-2021 22:04

Dear Daniel Wolf,

thank you for your inputs, highly appreciated.

Copyright © 2023 Khoros, LLC