ASM Deployment

API Security

Manual Chapter v13.1.0: Implementing Web Services Security
Manual Chapter v13.1.0: Creating Parent and Child Security Policies

Fundamental, Enhanced, Comprehensive

Fundamental = Grundlegend
Enhanced = Verbessert
Comprehensive = Umfassend

The following is from the v12 UI (Security – Application Security : Policy Building : Learning and Blocking Settings, Policy Type)

Fundamental	Enhanced Fundamental plus:	Comprehensive Enhanced plus:
HTTP Protocol Compliance Evasion Techniques Learn New File Types + Lengths Learn New Parameters in selective mode at Global level Methods Attack Signatures Request length exceeds defined buffer size Host Names Failed to convert character Learn New Redirection Domains Bad WebSocket handshake request Failure in WebSocket framing protocol Mask not found in client frame Null character found in WebSocket text message Illegal websocket frame length Illegal number of frames per message Illegal binary message length Illegal WebSocket extension	Learn New URLs in selective mode + Meta Characters Learn New Parameters in selective mode + Lengths, at Global level Learn New Cookies Content Profiles Bad WebSocket handshake request Failure in WebSocket framing protocol Mask not found in client frame Null character found in WebSocket text message Illegal websocket frame length Illegal number of frames per message Illegal binary message length Illegal WebSocket extension Illegal cross-origin request Plain text data does not comply with format settings	Learn New URLs + Meta Characters, Classify Request Content Learn New Parameters + Lengths, at URL level, Classify Value Content Parameter Meta Characters Dynamic Parameters: Using Statistics CSRF URLs Header Length Cookie Length Bad WebSocket handshake request Failure in WebSocket framing protocol Mask not found in client frame Null character found in WebSocket text message Illegal websocket frame length Illegal number of frames per message Illegal binary message length Illegal WebSocket extension Illegal cross-origin request Plain text data does not comply with format settings Binary content found in text only WebSocket Text content found in binary only WebSocket

https://devcentral.f5.com/questions/asm-confusion-about-wildcard-selective-all-entities-49185
-> “Add All Entities Creates a comprehensive whitelist policy that includes all web site entities”

Learning Schemes to build a policy

Never (wildcard only), when false positive occur the system will suggest to relax the settings of the wildcard entity.
Selective is that only entity (Parameter name/value, URL etc) that exceeds the Wildcard setting would generate learning suggestion and those learning suggestion are accepted by administrator entity will get included in security policy.
- Selective mode offers intermediate protection between Never (Wildcard Only) and Add All Entities.
- Selective mode is suitable for applications containing entities which use similar or identical attributes.
- Ideally, when you know the policy is mature, you can remove the wildcard
Add All Entities, you will see a suggestion to add an entity by name

BIG-IP ASM Policy Builder updates

BIG-IP 13.0

Updates to Policy Builder in BIG-IP 13.0 include the following enhancements:

Compact mode is an entity learning mode designed to effectively manage high traffic loads and increase policy security.
- Compact mode reduces the amount of learning suggestions, enabling a policy to converge more quickly, and automatically adds disallowed file types.
- Compact mode will never removing the wildcard.
Server Technologies is an option that customizes policies to an application. This option enables Policy Builder to identify the back-end technologies used by an application and add the relevant signatures to the policy.
Client Reputation is a technique that improves learning suggestions by using behavioral analysis to assign a reputation score to a source IP or device ID. Policy Builder ignores sources classified as malicious and speeds learning on sources classified as benign.

BIG-IP 12.0

There are several updates to Policy Builder in BIG-IP 12.0, including the following:

Staging, enforcement, and learning suggestions can be configured manually or by the BIG-IP ASM system.
Security checks Learn, Alarm, and Block are now system-wide settings integrated with Policy Builder.
An improved learning suggestions mechanism handles requests, with or without violations, for manual and automated policy building.

F5 Container Ingress Service

F5 APM Microsoft Exchange 2016

F5 APM SSO Infos

Tuning the OneConnect Profile

Kerberos Delegation & Protocol Transition

BigIP DNS (Formerly GTM)

The Big-IP can be configured to use either tmm or mgmt interfaces for remote authentication (LDAP, TACACS, RADIUS, etc.) traffic.

Useful CLI commands F5

F5 fix Guided Configuration Installation

Flow Traffic TCP

Flow iRule Diagram (Event order)

Upgrade an Active-Standby Cluster

Preserving client IP address in any TCP session

Useful F5 Log Queries

Clearing the LCD and the Alarm LED remotely

APM: Variable Assign

F5 LTM TMSH Base Config

ASM Operation Manual

F5 iControlREST

F5 SNMP useful OIDs to monitor

F5 Programming

ASM Deployment

F5 REST-API (iControlREST)

F5 LTM Config Merge Procedure

F5 APM: Convert attribute values

VPN Client Troubleshooting

F5 Big-IP Advanced Troubleshooting

Send Logfiles to F5 Support and compress them

F5 Troubleshooting Links

F5 Monitoring Links

ASM Deployment

API Security

Fundamental, Enhanced, Comprehensive

Learning Schemes to build a policy

BIG-IP ASM Policy Builder updates

BIG-IP 13.0

BIG-IP 12.0

Links

No Comments