data guard
11 TopicsHow "transparent" is transparent mode in ASM?
When setting up Application Security Manager, it's standard to set a security policy to "transparent" for a virtual server, watch what violations it catches, revise as needed and then change from transparent to blocking mode. It turns out transparent mode is not completely transparent and can break an application, even with simple defaults from a rapid deployment security policy. The Data Guard feature will, by default, replace a string of digits with asterisks if it thinks it may be a credit card or social security number. That can break an application if, for instance, that string of digits was in a critical piece of javascript code. It can of course be turned off by unchecking the Mask Data option in Data Guard, or by exempting certain URLs. Until this happened, I thought transparent mode was fairly safe to turn on, so I'd like to know what other features, especially those on by default, could interfere with a virtual server's traffic. ASM will add cookies by default, but I haven't seen that cause a problem yet. I don't know of any others on by default, but think that if the Web Scraping or Brute Force features are enabled, their client side integrity defense would be sending a javascript challenge to the client even in transparent mode. Anything else I'm missing? Any other caveats to applying a transparent mode ASM security policy?1.9KViews0likes11CommentsHow to passively monitor Dataguard without masking data?
I have a security policy in blocking with "Data guard:info leakagae detected" set to alarm and learn. I disabled everything under security--application security--data guard. How can I enable data guard in this scneario such that Big-IP will not mask or block the data but just show the logs and learning suggestions?Solved575Views0likes2CommentsIs it possible to set a threshold limit with Data Guard in the ASM?
Hi All, I have been playing around with data guard and I am able to block requests that match the regex expressions, or allow them and mask them etc. My question is, Is it possible to only block once a threshold limit has been reached? For example I want to allow 1 credit card to go through however if 10 credit cards are identified in a single request, can I block that request? As always, thank you in advance.Solved424Views0likes4CommentsASM: Data Guard (Credit Card Number) Exception Rules
Hi Folks I'm having grief with Data Guard Credit Card processing. I have a bunch of web pages that use SVG graphics, and Data Guard is incorrectly detecting credit card numbers and masking some of the data used to render the graphic. If the ASM policy is in transparent mode it masks some of the data (with asterisks, and this distorts the rendered graphic), and if the policy is in blocking mode it blocks the page outright. It's definitely the credit card feature because if I disable this in Data Guard everything works normally. The data in question is contained between tags that explicitly starts with " Thanks400Views0likes1CommentData Guard Option not working
Hi All, I have a Rapid Deployment security policy, with learn, alarm and block settings enabled for Data Guard as well. But when i try to access the application, credit card number is not getting masked. Any suggestions what else I might be missing ? Big-IP version: 13.1.1399Views0likes1CommentASM Data Guard using custom pattern to mask sensitive data in HTTP-request header
I would like to use ASM Data Guard custom pattern to mask sensitive data that captured in http request header. The data that i want to mask is username and password within the http-request post Header. I want to mask following data __Requesttokanverification=nmsjfueotueihvbnxikwhjslkqjsdfgjhiertjdfgjkk&Username=joe&Password=test I've written following Reg pattern it doesn't work __Requesttokenverification=\w+\w+\w+&Username=\w+\d+&Password=\w+\d+258Views0likes1CommentConfiguring monitor for DataGuard Oracle
Hi Experts, do you have guide where I can use as a reference in configuring DataGuard Oracle? I used this Deployment Guide but didnt work on me, https://www.f5.com/pdf/deployment-guides/oracle-rac-database-dg.pdf. I am thinking that this is something to do with the connection string that we configured. Connection string configured: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=db01)(PORT=1524))(CONNECT_DATA=(SERVICE_NAME=db.client.org))(SERVER=dedicated))229Views0likes0CommentsData Guard exeption patterns configured via tmsh.
Hello Everyone, we have enabled Data Guard in our ASM policy and it works most of the time good ;). From time to time it happen that legit account nr. is validated as credit card nr. and so is blocked. We need than to add this pattern as exception - there is no problem to add this exception via GUI , however I'd like to ask if there is option to add this pattern via tmsh ? Thank you. Y228Views0likes1CommentF5 AWAF Data Guard
According to the online resources, the data guard features will mask response containing sensitive data or block the response. However, if the application itself displays the sensitive information which might be not from the response, will the sensitive information be masked or blocked?65Views0likes8Comments