Learning mode testing guide

THE_BLUE
Cirrus

Is there any guide about how to test the website during learning mode, to make F5 learn all parameters/URLs etc.?

1 ACCEPTED SOLUTION

Hello, you can use the ASM trusted IP/source option as mentioned in https://devcentral.f5.com/s/question/0D51T00006i7fVR/asm-policy-how-is-the-trusted-ip-list-treated . This way you add your or the developers' IP address to the trusted IP/source, and with just one session the URL and parameters are learned.

I may also suggest having production and pre-production environments; after a change is made on the pre-production environment and learned by using the trusted IP/source, just merge the pre-production policy with the production one, and then the developers can also make the change on the production environment, as mentioned in https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-12-1-0/33.html .

3 REPLIES

A couple of general thoughts on learning entities.

  • One should have a staging and a production environment.
  • One should learn entities from Trusted IPs (developers, testers or automated tests) to eliminate false positives. Automated tests will usually give the best results.
  • One might want to use a Source Control System for the policies.
  • One might want to integrate the policy building process into the CI/CD pipeline.

Check it out, there are a couple of resources on the subject "Web Application Firewall in a CI/CD Workflow".

And a bit of opinion...

Not every web app needs a policy where each and every entity is learned and locked down airtight.

Have a website serving the menu of the cafeteria as static HTML? No need for the "best policy in the world".

Your intranet or accounting system? This would for sure require a really good policy.

Make a risk analysis of your app landscape and decide which web app requires which level of protection.

If you have Bot Protection, BaDOS, IPI and Threat Campaigns - those will do a good job protecting your average web apps, also Application Ready Templates are OK.

For the really critical web apps, the above-mentioned steps with automated learning and staging policies should be applied.

THE_BLUE
Cirrus

Dear Daniel Wolf,

Thank you for your input, highly appreciated.