AskF5 | Manual: BIG-IP Application Security Ma... https://support.f5.com/kb/en-us/products/big-ip_a...

Print

Manual: BIG-IP Application Security Manager: Applies To:

Hide Versions
Implementations BIG-IP ASM
11.6.0

Original Publication Date: 12/10/2014

Preventing DoS Attacks on Applications

What is a DoS attack?
About recognizing DoS attacks

When to use different DoS protections

About configuring TPS-based DoS protection

About configuring latency-based DoS protection

About DoS prevention policy

About geolocation mitigation

About heavy URL protection

About proactive bot defense

About cross-domain requests

About site-wide DoS mitigation

About DoS protection and HTTP caching

Overview: Preventing DoS attacks on applications

Configuring DoS protection for applications

Configuring TPS-based DoS protection

Configuring latency-based DoS protection

Configuring heavy URL protection

Configuring CAPTCHA for DoS protection

Recording traffic during DoS attacks

Configuring proactive bot defense

Associating a DoS profile with a virtual server

Implementation Result

Viewing DoS reports, statistics, and logs

Overview: Viewing DoS reports, statistics, and logs
Investigating DoS attacks and mitigation

1 de 15 29/10/15 10:40
AskF5 | Manual: BIG-IP Application Security Ma... https://support.f5.com/kb/en-us/products/big-ip_a...

Sample DoS Overview Summary

Viewing DoS application statistics

Traffic distribution in DoS application statistics

Sample DoS Statistics reports

Displaying DoS event logs

Sample DoS event logs

Viewing URL Latencies reports

Sample URL Latencies report

Creating customized DoS reports

Configuring DoS Policy Switching

About DoS protection and local traffic policies

Overview: Configuring DoS policy switching

Creating a DoS profile for Layer 7 traffic

Modifying the default DoS profile

Creating a local traffic policy for DoS policy switching

Creating policy rules for DoS policy switching

Associating a DoS profile with a virtual server

Associating a local traffic policy with a virtual server

Implementation results

Mitigating Brute Force Attacks

About mitigation of brute force attacks

Overview: Mitigating brute force attacks

Creating login pages

Configuring brute force protection

Viewing brute force attack reports

Displaying brute force event logs

Detecting and Preventing Web Scraping

Overview: Detecting and preventing web scraping
Prerequisites for configuring web scraping

Adding allowed search engines

Allowed search engines

Detecting web scraping based on bot detection

Detecting web scraping based on session opening

2 de 15 29/10/15 10:40
AskF5 | Manual: BIG-IP Application Security Ma... https://support.f5.com/kb/en-us/products/big-ip_a...

Detecting web scraping based on session transactions

Using fingerprinting to detect web scraping

Displaying web scraping event logs

Web scraping attack examples

Web scraping attack types

Viewing web scraping statistics

Web scraping statistics chart

Implementation Result

Setting Up IP Address Intelligence Blocking

Overview: Setting up IP address intelligence blocking
Enabling IP address intelligence

Setting up IP address intelligence blocking

Reviewing IP address intelligence statistics

Creating an iRule to log IP address intelligence information

Creating an iRule to reject requests with questionable IP addresses

IP address intelligence categories

Managing IP Address Exceptions

Overview: Managing IP address exceptions
Creating IP address exceptions

Deleting IP address exceptions

Updating IP address exceptions

Enforcing Application Use at Specific Geolocations

Overview: Enforcing application use in certain geolocations

Enforcing application use in certain geolocations

Setting up geolocation enforcement from a request

Creating Login Pages for Secure Application Access

About creating login pages
Creating login pages

Login page access validation criteria

Enforcing login pages

Protecting Sensitive Data with Data Guard

About protecting sensitive data with Data Guard

Response headers that Data Guard inspects

3 de 15 29/10/15 10:40
AskF5 | Manual: BIG-IP Application Security Ma... https://support.f5.com/kb/en-us/products/big-ip_a...

Protecting sensitive data

Masking Credit Card Numbers in Logs

Overview: Masking credit card numbers in logs
Masking credit card numbers in request logs

Displaying Reports and Monitoring ASM

ASM Reporting Tools

Displaying an application security overview report

Analyzing requests with violations

Ways to analyze a request

Creating a report containing selected requests

Generating PCI Compliance reports

Sample PCI Compliance report

Configuring Application Security Event Logging

About logging profiles

Creating a logging profile

Setting up remote logging

Associating a logging profile with a security policy

About logging responses

About ArcSight log message format

Filtering logging information

Viewing application security logs

Configuring Application Security Session Tracking

Overview: Tracking application security sessions using login pages
Creating login pages

Enforcing login pages

Setting up session tracking

Monitoring user and session information

Tracking specific user and session information

Tracking Application Security Sessions with APM

Overview: Tracking application security sessions using APM

Prerequisites for setting up session tracking with APM

Creating a VLAN

Creating a self IP address for a VLAN

Creating a local traffic pool for application security

4 de 15 29/10/15 10:40
AskF5 | Manual: BIG-IP Application Security Ma... https://support.f5.com/kb/en-us/products/big-ip_a...

Creating a virtual server to manage HTTPS traffic

Creating a security policy automatically

Creating an access profile

Configuring an access policy

Adding the access profile to the virtual server

Setting up ASM session tracking with APM

Monitoring user and session information

Mitigating Open Redirects

Overview: Mitigating open redirects
Mitigating open redirects

Configuring how open redirects are learned

Enforcing redirection domains

Implementation results

Setting Up Cross-Domain Request Enforcement

About cross-domain request enforcement
Setting up cross-domain request enforcement

How cross-domain request enforcement works

Implementing Web Services Security

Overview: Implementing web services security
About client and server certificates

Adding client and server certificates

Enabling encryption, decryption, signing, and verification of SOAP messages

Writing XPath queries

Syntax for XPath expressions

XPath query examples

Configuring blocking actions for web services security

Fine-tuning Advanced XML Security Policy Settings

Fine-tuning XML defense configuration

Advanced XML defense configuration settings

Masking sensitive XML data

Overriding meta characters based on content

Managing SOAP methods

Adding JSON Support to an Existing Security Policy

5 de 15 29/10/15 10:40
AskF5 | Manual: BIG-IP Application Security Ma... https://support.f5.com/kb/en-us/products/big-ip_a...

Overview: Adding JSON support to existing security policies

Creating a JSON profile

Associating a JSON profile with a URL

Associating a JSON profile with a parameter

Implementation result

Automatically Creating Security Policies for AJAX Applications

Application security for applications that use AJAX

Overview: Creating a security policy for applications that use AJAX

Creating a security policy automatically

Reviewing security policy status

Implementation result

Adding AJAX Blocking Response Behavior to a Security Policy

Overview: Adding AJAX blocking and login response behavior

Configuring the blocking response for AJAX applications

Securing Web Applications Created with Google Web Toolkit

Overview: Securing Java web applications created with Google Web Toolkit elements
Creating a Google Web Toolkit profile

Associating a Google Web Toolkit profile with a URL

Implementation result

Refining Security Policies with Learning

About learning

Learning resources

About learning suggestions

What requests are unlearnable?

Fine-tuning a security policy

Configuring explicit entities learning

Viewing requests that caused learning suggestions

Accepting learning suggestions

Clearing learning suggestions

Viewing ignored entities

About enforcement readiness

Enforcing entities

Disabling learning on violations

6 de 15 29/10/15 10:40
AskF5 | Manual: BIG-IP Application Security Ma... https://support.f5.com/kb/en-us/products/big-ip_a...

Configuring Security Policy Blocking

About security policy blocking
Changing security policy enforcement

Configuring blocking actions for violations

About blocking actions

Configuring HTTP protocol compliance validation

Configuring blocking actions for web services security

Configuring What Happens if a Response is Blocked

Overview: Configuring what happens if a response is blocked
Configuring responses to blocked requests

Configuring responses to blocked logins

Customizing responses to blocked XML requests

Configuring General Security Policy Building Settings

About general security policy building settings

Changing the policy type

Security policy elements included in each policy type

Configuring explicit entities learning

Adjusting the parameter level

Configuring Manual Security Policy Settings

Editing an existing security policy

Changing security policy enforcement

Adjusting the enforcement readiness period

Viewing whether a security policy is case-sensitive

Differentiating between HTTP and HTTPS URLs

Specifying the response codes that are allowed

Activating iRule events

Application security iRule events

Configuring trusted XFF headers

Adding host names

About adding multiple host names

Protecting against CSRF

Adding File Types to a Security Policy

About adding file types

Adding allowed file types

7 de 15 29/10/15 10:40
AskF5 | Manual: BIG-IP Application Security Ma... https://support.f5.com/kb/en-us/products/big-ip_a...

Wildcard syntax

Adding disallowed file types

Adding Parameters to a Security Policy

About adding parameters to a security policy
Creating global parameters

Creating URL parameters

Creating flow parameters

Creating sensitive parameters

Creating navigation parameters

Creating parameters with dynamic content

Creating parameters with dynamic names

Changing character sets for parameter values

Changing character sets for parameter names

Adjusting the parameter level

Parameter Value Types

How the system processes parameters

About path parameters

Enforcing path parameter security

Securing Base64-Encoded Parameters

Overview: Securing Base64-Encoded Parameters

Adding base64 decoding to a new user-input parameter

Adding base64 decoding to an existing user-input parameter

Adding URLs to a Security Policy

About adding URLs

About referrer URLs

Adding allowed URLs

Wildcard syntax

Allowed URL properties

Adding disallowed URLs

Enforcing requests for URLs based on header content

Specifying characters legal in URLs

Configuring flows to URLs

Creating flow parameters

8 de 15 29/10/15 10:40
AskF5 | Manual: BIG-IP Application Security Ma... https://support.f5.com/kb/en-us/products/big-ip_a...

Configuring dynamic flows to URLs

Configuring dynamic session IDs in URLs

Adding Cookies
About cookies
About pure wildcard cookies

Wildcard syntax

About cookies and learning

About adding cookies

Adding allowed cookies

Adding enforced cookies

Changing the order in which wildcard cookies are enforced

Editing cookies

Deleting cookies

Specifying when to add explicit cookies

Configuring the maximum cookie header length

Configuring Advanced Cookie Protection

Overview: Configuring advanced cookie protection
Reconfiguring cookie protection

Importing cookie protection configuration

Exporting cookie protection configuration

Adding Allowed Methods to a Security Policy

Adding allowed methods

Configuring HTTP Headers

About mandatory headers

About header normalization

About default HTTP headers

Overview: Configuring HTTP headers

Configuring HTTP headers

Configuring the maximum HTTP header length

Implementation Result

Configuring How a Security Policy is Automatically Built

Overview: Configuring automatic policy build settings
Configuring automatic policy building settings

About security policy elements

9 de 15 29/10/15 10:40
AskF5 | Manual: BIG-IP Application Security Ma... https://support.f5.com/kb/en-us/products/big-ip_a...

Modifying security policy elements

About automatic policy building rules

About automatic policy building stages

Modifying security policy rules

Adding trusted IP addresses to a security policy

Learning from responses

Specifying when to add dynamic parameters

Collapsing entities in a security policy

Learning based on response codes

Limiting the maximum number of policy elements

Specifying the file types for wildcard URLs

Restoring default values for automatic policy building

Stopping and starting automatic policy building

Configuring General ASM System Options

Adjusting system preferences

Incorporating external antivirus protection

Creating user accounts for application security

Validating regular expressions

Working with Violations

About violations
Viewing descriptions of violations

Changing severity levels of violations

Types of violations

About violation rating

Investigating potential attacks

Overview: Creating user-defined violations

Creating user-defined violations

Enabling user-defined violations

Sample iRules for user-defined violations

Deleting user-defined violations

Exporting and importing user-defined violations

Working with Attack Signatures

About attack signatures

10 de 15 29/10/15 10:40
AskF5 | Manual: BIG-IP Application Security Ma... https://support.f5.com/kb/en-us/products/big-ip_a...

About attack signature staging

Types of attacks that attack signatures detect

Attack signature properties

Overview: Creating and assigning attack signature sets

About attack signature sets

List of attack signature sets

Creating a set of attack signatures

Assigning signature sets to a security policy

Viewing the signature sets in a security policy

Viewing the attack signatures in a security policy

Enabling or disabling a specific attack signature

Enabling or disabling staging for attack signatures

Overriding attack signatures based on content

Overview: Managing the attack signature pool

Updating the attack signature pool

Getting email about signature updates

Viewing the attack signature pool and signature details

Overview: Creating user-defined attack signatures

Creating a user-defined attack signature

Importing user-defined attack signatures

Exporting user-defined attack signatures

About attack signatures in XML format

Maintaining Security Policies

Overview: Activating and deactivating security policies
Deactivating security policies

Activating security policies

Deleting security policies

Overview: Importing and exporting security policies

About security policy export formats

Exporting security policies

Importing security policies

Overview: Comparing security policies

Comparing security policies

11 de 15 29/10/15 10:40
AskF5 | Manual: BIG-IP Application Security Ma... https://support.f5.com/kb/en-us/products/big-ip_a...

Overview: Merging security policies

Merging security policies

Configuring ASM with Local Traffic Policies

About application security and local traffic policies

About application security and manually adding local traffic policies

Overview: Configuring ASM with local traffic policies

Creating a security policy automatically

Creating local traffic policy rules for ASM

Implementation results

Automatically Synchronizing Application Security Configurations

Overview: Automatically synchronizing ASM systems
About device management and synchronizing application security configurations

Considerations for application security synchronization

Performing basic network configuration for synchronization

Specifying an IP address for config sync

Establishing device trust

Creating a Sync-Failover device group

Syncing the BIG-IP configuration to the device group

Specifying IP addresses for failover communication

Creating a Sync-Only device group

Enabling ASM synchronization on a device group

Synchronizing an ASM-enabled device group

Implementation result

Manually Synchronizing Application Security Configurations

Overview: Manually synchronizing ASM systems
About device management and synchronizing application security configurations

Considerations for application security synchronization

Performing basic network configuration for synchronization

Specifying an IP address for config sync

Establishing device trust

Creating a Sync-Failover device group

Syncing the BIG-IP configuration to the device group

Specifying IP addresses for failover communication

Enabling ASM synchronization on a device group

12 de 15 29/10/15 10:40
AskF5 | Manual: BIG-IP Application Security Ma... https://support.f5.com/kb/en-us/products/big-ip_a...

Synchronizing an ASM-enabled device group

Implementation result

Synchronizing Application Security Configurations Across LANs

Overview: Synchronizing ASM systems across LANs
About device management and synchronizing application security configurations

Considerations for application security synchronization

Performing basic network configuration for synchronization

Specifying an IP address for config sync

Establishing device trust

Creating a Sync-Failover device group

Syncing the BIG-IP configuration to the device group

Specifying IP addresses for failover communication

Creating a Sync-Only device group

Enabling ASM synchronization on a Sync-Only device group

Synchronizing an ASM-enabled device group

Implementation result

Integrating ASM with Database Security Products

Overview: Integrating ASM with database security products
Creating a security policy automatically

Creating login pages

Enforcing login pages

Configuring a database security server

Enabling database security integration in a security policy

Implementation result

Integrating ASM and APM with Database Security Products

Overview: Integrating ASM and APM with database security products

Prerequisites for integrating ASM and APM with database security

Creating a VLAN

Creating a self IP address for a VLAN

Creating a local traffic pool for application security

Creating a virtual server to manage HTTPS traffic

Creating a security policy automatically

Creating an access profile

13 de 15 29/10/15 10:40
AskF5 | Manual: BIG-IP Application Security Ma... https://support.f5.com/kb/en-us/products/big-ip_a...

Configuring an access policy

Adding the access profile to the virtual server

Configuring a database security server

Enabling database security integration with ASM and APM

Implementation result

Securing FTP Traffic Using the Default Configuration

Overview: Securing FTP traffic using default values
Creating an FTP service profile with security enabled

Enabling protocol security for an FTP virtual server

Reviewing violation statistics for security profiles

Securing FTP Traffic Using a Custom Configuration

Overview: Securing FTP traffic using a custom configuration
Creating a custom FTP profile for protocol security

Creating a security profile for FTP traffic

Modifying associations between service profiles and security profiles

Configuring an FTP virtual server with a server pool

Reviewing violation statistics for security profiles

Securing SMTP Traffic Using the Default Configuration

Overview: Securing SMTP traffic using system defaults
Creating an SMTP service profile with security enabled

Creating an SMTP virtual server with protocol security

Reviewing violation statistics for security profiles

Securing SMTP Traffic Using a Custom Configuration

Overview: Creating a custom SMTP security profile
Creating a custom SMTP service profile

Creating a security profile for SMTP traffic

Enabling anti-virus protection for email

Modifying associations between service profiles and security profiles

Creating and securing an SMTP virtual server and pool

Reviewing violation statistics for security profiles

Configuring Remote High-Speed Logging of Protocol Security Events

Overview: Configuring Remote Protocol Security Event Logging
Creating a pool of remote logging servers

14 de 15 29/10/15 10:40
AskF5 | Manual: BIG-IP Application Security Ma... https://support.f5.com/kb/en-us/products/big-ip_a...

Creating a remote high-speed log destination

Creating a formatted remote high-speed log destination

Creating a publisher

Creating a custom Protocol Security Logging profile

Configuring a virtual server for Protocol Security event logging

Disabling logging

Implementation result

15 de 15 29/10/15 10:40