WAF Policy upload using AS3
I am using per-app declaration to upload multiple WAF policies in an app. when I post the declaration using POST command, i only get 202 accepted, and in the backend, the F5 uploads the ASM policies. How can I get to know iff all the policies are uploaded successfully or if any have failed? Is there any command or rest api? POST : https:/<f5ip>/mgmt/shared/appsvcs/declare/Demo/applications { "id": "per-app-declaration", "schemaVersion": "3.54.2", "controls": { "class": "Controls", "logLevel": "debug", "trace": true }, "WMS_ASM": { "class": "Application", "template": "generic", "wms_Dispatcher_asm_v172": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_Dispatcher_asm_file.xml" }, "wms_MessageStoreAPI_asm_v172": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_MessageStoreAPI_asm_file.xml" }, "wms_abdg_asm_v172": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_abdg_asm_file.xml" }, "wms_auth_asm_v173": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_auth_asm_file.xml" }, "wms_carrier-info_asm_v172": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_carrier-info_asm_file.xml" }, "wms_cas_asm_v172": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_cas_asm_file.xml" }, "wms_csdui_asm_v172": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_csdui_asm_file.xml" }, "wms_csrkodiak_asm_v172": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_csrkodiak_asm_file.xml" }, "wms_getContactAddlInfo_asm_v172": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_getContactAddlInfo_asm_file.xml" }, "wms_keymanagement_asm_v174": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_keymanagement_asm_file.xml" }, "wms_kodiakidsprov_asm_v172": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_kodiakidsprov_asm_file.xml" }, "wms_lcms_asm_v173": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_lcms_asm_file.xml" }, "wms_mcsxcap_asm_v173": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_mcsxcap_asm_file.xml" }, "wms_mobileapi_asm_v172": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_mobileapi_asm_file.xml" }, "wms_ngcat_asm_v172": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_ngcat_asm_file.xml" }, "wms_oidcxcap_asm_v172": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_oidcxcap_asm_file.xml" }, "wms_tpams_asm_v172": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_tpams_asm_file.xml" }, "wms_wcsr_asm_v172": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_wcsr_asm_file.xml" }, "wms_webdispatcher_asm_v172": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_webdispatcher_asm_file.xml" } } }
Is it possible to select ASM BoT profile from irule?
Hi. . Is it possible to select BoT profile from irule? . Concept is we have different set of IP which need to allow "some" BoT type. That why we can't use whitelist IP in BoT profile because it will allow all BoT type. So We want to use iRule to check if it IP A > use BoT profile which have some exception, but if all other IP > use normally BoT profile. . when HTTP_REQUEST { # Check IP and select BoT profile from that if { [IP::client_addr] eq "A" } { ASM::enable allow_some_bot_profile } else { ASM::enable normally_bot_profile } } ps. I didn't see any document about how to select BoT profile. So I'm not sure if ASM::enable can do that.AS3 Storage
I declared 2 WAF polices using AS3, now I deleted one using the tmsh command. In the bigip.conf I can see only 1 WAF policy, but while I do a GET api call for that App, I am still getting 2 WAF policies. It is persistent on reboots. Where does F5 store the AS3 declaration? From where am I getting both the WAF policies (from where f5 is returning the original as3 declaration?) in Rest api : https:///mgmt/shared/appsvcs/declare/Dummy/applications/SYNCGW_Common "wms_egls_asm_v174": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_egls_asm_file.xml", "ignoreChanges": true }, "wms_egls_asm_v173": { "class": "WAF_Policy", "file": "/var/tmp/v17/wms_egls_asm_file.xml", "ignoreChanges": true } In Bigip.conf: asm policy /Dummy/SYNCGW_Common/wms_egls_asm_v174 { active encoding utf-8 }
How to allow Request getting blocked due to Malformed JSON data
Hi Everyone, I've little trouble understanding how i can allow this request. Requests are getting blocked at WAF end due to "Malformed JSON data" violation (Illegal character encountered - json syntax error -" / ") Can i allow / (forward slash) character to provide exception for this violation & keep malformed json data blocking setting as it is. and how can i achieve this.
F5 ASM XML processing - policy name.
Hello, we have an error message in logs: ASM out of memory error: event code X89 Exceeded maximum memory assigned for XML processing we have already increased both variables total_xml_memory and additional_xml_memory_in_mb to 4GB but they still appear. What i wanted to ask if its possible to identify which ASM policy generates these logs? Or which policy is responsible for the most of xml memory usage? Is it possible to create an irule that will check this and assign custom violation with policy name (and request details) that raised this violation regarding xml memory? Because as it is now we would have to further increase additional xml memory variable and maybe its better to troubleshoot why is it getting exceeded in the first place?
Configuration of Pools VS LTM Policies and AWAF for Multiple Applications on Same Backend
I need your assistance and confirmation regarding a critical deployment involving F5 AWAF for internal applications. We have six internal applications accessible through the following URLs:https://gtt.XXX.ma:8443/gtt/;https://po.XXX.gov.ma:8443/po/;https://rpe.XXX.gov.ma/RPE/ https://sos.XXX.gov.ma/sos/;https://ant.XXX.gov.ma/ANT/;https://testcad.XXX.ma/testcad/. All these applications point to the same backend server at IP address 192.168.100.30. The DNS records for all of them resolve to the same IP address: 192.168.221.30. We are planning to configure two Virtual Servers using the same virtual IP address 192.168.200.20: One VS for applications running on port 443 ;One VS for applications running on port 8443: Each VS will have a dedicated LTM policy: One policy for the applications on port 443. Another policy for the applications on port 8443 . ach application must have its own dedicated AWAF (ASM) policy. Could you please confirm if this configuration is valid and supported by F5? Also we would like your recommendation on the following points: Should we configure a shared pool for all applications or a separate pool for each one?. Is the dual VS approach (with same IP but different ports) acceptable?. Is it the right approach to use LTM policies for routing requests and applying specific ASM policies per application? This deployment is critical and currently in preparation for production.'F5 rules for AWS WAF' ruleset not working for jsp web shell attack
I have subscribed to 'F5 rules for AWS WAF' Common Vulnerabilities & Exposures (CVE) Rules in AWS market place and protected the ALB's. Even after enabled, I see my web server got affected by jsp web shell attack and found war file deployed by unauthorized user. Can you please let me know what are the rules available to protect from jsp web shell attack?
