Manual Chapter: Security Policy Elements in Each Policy Type
Security policy elements included in each policy type

The elements that the system adds to a security policy depend on the policy type you select for automatic policy building. You can set the policy type when creating the security policy in the Deployment wizard or later by modifying the policy settings (Security > Application Security > Policy Building > Settings). When the policy type is set or modified, the Application Security Manager™ (ASM) assigns the Explicit Entities Learning settings as follows:

Table 1. Explicit Entities Learning Settings for Each Policy Type

| Security policy element | Fundamental | Enhanced | Comprehensive |
|---|---|---|---|
| File Types | Add All Entities | Add All Entities | Add All Entities |
| URLs | Never (wildcard only) | Selective | Add All Entities |
| Parameters | Selective (wildcard only) | Selective | Add All Entities |
| Cookies | Never (wildcard only) | Selective | Selective |

Table 2. Explicit Entities Learning Settings

| Setting | Description |
|---|---|
| Add All Entities | The Policy Builder includes all of the website entities. This option creates a large set of security policy entities with a granular object level configuration and high security level. |
| Selective | This option applies only to the * wildcard. When false positives occur, the system adds or suggests adding an explicit entity with relaxed settings. This option provides a good balance between security, policy size, and ease of maintenance. |
| Never (Wildcard Only) | When false positives occur, the system suggests relaxing the settings of the wildcard entity. This option creates a security policy that is easy to manage but may result in overall relaxed application security. |

ASM™ sets the policy elements in the Automatic Policy Building Settings as follows:

Table 3. Policy Elements

| Security policy element | Fundamental | Enhanced | Comprehensive |
|---|---|---|---|
| HTTP Protocol Compliance | Yes | Yes | Yes |
| Evasion Techniques Detected | Yes | Yes | Yes |
| File Type Lengths | Yes | Yes | Yes |
| Attack Signatures (Applies to policy, parameter, content profile, and cookie signatures) | Yes | Yes | Yes |
| URL Meta Characters | No | Yes | Yes |
| Parameter Level | Yes at the global parameter level | Yes at the global parameter level | Yes at the URL parameter level |
| Parameter Name Meta Characters | No | Yes | Yes |
| Parameter Value Lengths | No | Yes | Yes |
| Value Meta Characters (for Parameters and Content Profiles) | No | No | Yes |
| Allowed Methods | No | Yes | Yes |
| Request Length Exceeds Defined Buffer Size | Yes | Yes | Yes |
| Header Length | Yes | Yes | Yes |
| Cookie Length | Yes | Yes | Yes |
| Failed to Convert Character | Yes | Yes | Yes |
| Content Profiles | No | Yes | Yes |
| Automatically detect advanced protocols | No | No; but Yes if JSON/XML payload detection selected | No; but Yes if JSON/XML payload detection selected |
| Host Names | Yes | Yes | Yes |

Yes means the element is automatically included in the policy type; No means it is not included.

