Exced Timeout in Event Logs WAF
I have a issue with a customer WAF, in the Event Logs, it shows me an error in the "triggered violation (I attached a screenshot).", & the request show the status: ilegal. we modify the maximun limitation of 500 to 1000, with recommend F5 docs, and a traffic test was carried out again and the request status is: legal, but the registration of this traffic in Event Logs took a time of 3 minutos, wich is too much. Some recommendation with how resolve? Greetings Friends :),
How to check the disabled rules in ASM Policy
Hi Experts , We would like to know the allowed/disbale url or Parameters configured for the Specific ASM policy . Example: www.example.com is the url for which I would like to know the rules applied . How can I check this? Any way I can pull the detailed configuration of ASM Policy from cli ?
Evaluate WAF Policy with BIG-IQ Policy Analyzer
Introduction With BIG-IQ 8.0, F5 introduced a policy analyzer feature for web application security. It allows you to have an evaluation of your policy with respect to F5 recommended practices. It results in giving your team suggestions on enhancing your application’s security posture from a Web Application Firewall perspective. This article will take you through the process of using the Policy Analyzer feature. The resulting report can be exported to PDF for wider consumption. Using the Policy Analyzer The “Policy Analyzer” feature is available from the Configuration menu on BIG-IQ. Ensure that you login to the BIG-IQ web interface with sufficient privileges to access and view the Application Security Policies and their contents. The figure below shows how to access the policy by selecting the Configuration tab, highlighting the Security menu, expanding the item labelled Web Application Security Selecting the Policies The analyzer feature is available from the “More” menu as shown below: The Policy Analyzer screen provides the 4 main sections outlined below: The Security Score shown above provides a synthetic assessment of the policy based on the severity and number of recommendations. To look into more detail, refer to the recommendations table shown in the figure below. From the screen above, you can select and choose to ignore the recommendations. You can also click on the recommendation to access the feature configuration screen directly. This will allow you modify the policy directly from the Analyzer screen. For example, clicking on the “More than 10% or attack signatures are in staging (…)” entry, points to the policy configuration screen shown below: This allows you to review and hone your policy accordingly and adhere to recommended practices. Once the changes are made, makes sure to Save & Close . Keep in mind that you will need to go through the policy deployment process for the policy to become effective on the BIG-IP. (Deployment >> Web Application Security). Conclusion BIG-IQ’s Policy Analyzer can be used to gain better visibility into your security posture from one central location for your entire application security infrastructure. The insights provided by the Policy Analyzer Tool provide a starting point to gaining visibility in the efficacy of the protection in place.
