F5 WAF
5 TopicsF5 AWAF Policy learning phase opinion
Hello, Hope you are doing well! I am new to f5 AWAF and am wondering on what is the recommended way to protect and app published on the internet, afaik in the learning phase with transparent mode or blocking mode with staging enabled the attack won't be blocked. Since testing the app locally is not always an option, Is it optimal to set the policy into blocking mode/Enforce/disable learn only for the high attack signatures, at the same time i put other entities into staging (Cookies, URL, parameters, ...) with automatic policy building for learning ? What do you think ? at least i will be sure the high attack won't pass to the app. Thanks. Regards! Amine35Views0likes1CommentHow to check the disabled rules in ASM Policy
Hi Experts , We would like to know the allowed/disbale url or Parameters configured for the Specific ASM policy . Example: www.example.com is the url for which I would like to know the rules applied . How can I check this? Any way I can pull the detailed configuration of ASM Policy from cli ?34Views0likes1CommentUnable to edit or modify Policy is Case Sensitive Option in F5 WAF
Hello Team, I've encountered an issue with the WAF Case Sensitive Option in Version 16.1.2.2 Build 0.0.28. In the Security Settings under Application Security, specifically within Security Policies, the "Policy is Case Sensitive" setting is enabled, (Login LB > Security > Application Security > Security Policies > Policies List > [XXX Policy] > General Settings >> Policy is Case Sensitive : Yes) Where I am unable to modify it directly. Despite my efforts to resolve this by downloading and re-uploading the policy, the option to change the case sensitivity remains inaccessible. Additionally, I reviewed a related support article which suggested using an iRule as a workaround for case sensitivity issues. The proposed iRule is as follows: when HTTP_REQUEST { HTTP::path [string tolower [HTTP::path]] } While this iRule effectively converts the request path to lowercase, it does not resolve the need to configure case sensitivity within the WAF Policy itself. I seek assistance in either enabling the option to modify the case sensitivity directly within the WAF Policy settings or in finding an alternative method to achieve the desired configuration. Any insights or advanced troubleshooting steps would be greatly appreciated. Thank you.85Views0likes1CommentError: SyntaxError: Unexpected token Error
dears, I have an issue with one of my web applications, after users check on the tab under a specific URL this error appears ( Error: SyntaxError: Unexpected token '<', "<html><hea"... is not valid JSON ) and after disable the policy from VS the error solved1.2KViews0likes3Comments