LTM Policy to select pool based on TCP port is not working
Hello Everyone, We are trying to do a POC where there is one Virtual Server listening on port '0' (basically all ports) and we would want to select the pool based on the remote port number using LTM Policy, however, its is not working. Any help on this please. For example http://192.168.1.25:45000 select pool WebApp_Odessa http://192.168.1.25:45005 select pool WebApp_Jasper We did set up the policy as below. TCP port is '45000' at client accepted time. Forward traffic to pool '/Common/WebApp_Odessa' at client accepted time. TCP port is '45005' at client accepted time. Forward traffic to pool '/Common/WebApp_Jasper' at client accepted time.
F5 ASM learning new parameters while being in blocking mode.
Hi, I have my ASM protecting many web applications. The problem is that some of the applications/websites, don´t have that much traffic, but some of the websites have a lot of Forms etc. Since the traffic is not to much, it didn´t learned all of the parameters of the website while it was on transparent mode, and even some of the parameters learned don´t have all the meta characters allowed. Question 1: If i disable the value meta character on the parameter itself, does it still block attacks like XSS, SQLi etc? Question 2: Is there a way to have my policies in block mode, but do not block new parameters that are added by developers as an example, and then accessed by users? Question 3: Do you guys keep the Wildcard * parameter in blocking state or leave it in staging ? Question 4: When policy is in automatic, i detected that if a parameter in the website that should allow alpha-numeric values, if it gets a lot of hits by users that just post numeric values ( lets say username) the policy change the parameter data type to integer itself, and after that if some user as a username that have letters in it, will get blocked. What is the better way to get over this. Manual (extensive work checking all the policies every day) or automatic ( some things stop working after some time so have to correct it mannually), or is there and alternative in the Learning and blocking settings that allow to loosen the policy keeping it secure and manageable?
