Applies To:

Show Versions Show Versions

Manual Chapter: Working with Wildcard Entities
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Wildcard entities are web application entities in the security policy that contain one or more shell-style wildcard characters. You can use wildcard entities to represent object types, web objects, and parameters. Wildcard entities provide flexibility for security policy building. By using wildcard entities, you can efficiently build a security policy without in-depth knowledge of the web application, and reduce the number of violations and false positives during the initial stages of building a security policy.
The syntax for wildcard entities is based on shell-style wildcard characters. Table 8.1 lists the wildcard characters that you can use in a wildcard entity name.
The easiest wildcard entity to configure is *, which the system interprets as match everything. You can use the * character on its own, or within an entity name.
When you configure a wildcard entity, you have the option to enable tightening for that entity. When you enable tightening for a wildcard entity, and the system receives a request that contains an entity that matches the wildcard entity, the system generates a learning suggestion for the found entity. You can then review the new entities, and decide which are legitimate entities for the web application.
2.
In the New Entities area, in the Entity Type column, click the entity type name (Object Types, Objects, or Parameters).
The corresponding new entity type screen opens, where you can review the found entities, the last tightening event time, and the number of occurrences of the found entity.
Tip: The entity type name becomes a hyperlink only when the Policy Enforcer has found new entities of that type.
Check for explicit matches
First, the Policy Enforcer checks for an explicit match, that is, the Policy Enforcer scans the security policy to verify whether it contains the exact entity. If the security policy contains an explicit matching entity, then the system applies the checks that are specified for that entity.
Check for wildcard matches
If the security policy does not contain an explicit matching entity, then the system checks the wildcard entities to determine whether any of them match the requested entity. If the system finds a wildcard match, then the Policy Enforcer applies any applicable security checks. If you have enabled tightening for the wildcard entity, then the Policy Enforcer generates a learning suggestion for the new entity, which the system displays on the Entities screen.
If the Policy Enforcer does not find an explicit match or a wildcard match, then the system generates a violation for the offending entity. If the triggered violation is in blocking mode, then the system drops the request and sends the Blocking Response page to the client.
Object types represent the file types for the web application. For example, htm, jsp, and gif are all object types. When you are first building a security policy, you can configure wildcard object types so that the Policy Enforcer does not generate false positive violations.
You can create a wildcard object type so that requests do not generate violations based on the requested file type. If you create a wildcard object type, and also enable tightening, then you can quickly learn which file types are in the protected web application.
1.
On the Main tab of the Application Security navigation pane, click Object Types.
The Object Types List screen opens.
2.
In the editing context area, ensure that the edited web application and security policy are those that you want to update.
3.
Above the Object Types List area, click Create.
The New Object Type screen opens.
4.
In the Object Type Properties area, for the Object Type setting, select Wildcard from the list, and then type a wildcard string in the box (for example, *).
5.
Check the Perform Tightening setting if you want the system to display object types that match the wildcard entity pattern that you specify.
7.
8.
Click the Create button to add the wildcard object type to the security policy.
The screen refreshes, and displays the updated Object Types List screen.
9.
To put the security policy changes into effect immediately, click the Apply Policy button in the editing context area.
A confirmation popup screen opens.
10.
Click OK.
The system applies the updated security policy.
Tip: If you enabled the Perform Tightening setting (step 5, previous), then you can review any newly-found entities on the Entities screen. For more information, see Working with learning suggestions for new entities.
1.
On the Main tab of the Application Security navigation pane, click Object Types.
The Object Types List screen opens.
2.
In the editing context area, ensure that the edited web application and security policy are those that you want to update.
3.
In the Object Types List area, in the Type column, click the name of the object type that you want to modify.
The Object Type Properties screen opens.
5.
Click the Update button to update the security policy with any changes you may have made.
The screen refreshes, and displays the Object Types List screen.
6.
To put the security policy changes into effect immediately, click the Apply Policy button in the editing context area.
A confirmation popup screen opens.
7.
Click OK.
The system applies the updated security policy.
1.
On the Main tab of the Application Security navigation pane, click Object Types.
The Object Types List screen opens.
2.
In the editing context area, ensure that the edited web application and security policy are those that you want to update.
3.
In the Object Types List area, in the Select column (far left), check the box next to the wildcard object type that you want to remove, and then click the Delete button.
The system displays a popup confirmation screen.
4.
Click OK.
The system deletes the wildcard object type from the configuration.
5.
To put the security policy changes into effect immediately, click the Apply Policy button in the editing context area.
A confirmation popup screen opens.
6.
Click OK.
The system applies the updated security policy.
When you have configured more than one wildcard object type, you can set the enforcement order, which is the order in which the Policy Enforcer searches for a match within those wildcard object types. If the Policy Enforcer finds a match in the wildcard object types, the Policy Enforcer then applies the security checks that are associated with that wildcard entity to the matching entity.
Tip: When you are setting the enforcement order, we recommend that you order the wildcard entities from most-specific to least-specific.
1.
On the Main tab of the Application Security navigation pane, click Object Types.
The Object Types List screen opens.
2.
On the menu bar, click Order Wildcards.
The Order Wildcards screen opens.
3.
In the editing context area, ensure that the edited web application and security policy are those that you want to update.
4.
In the Order Wildcards area, for the Wildcard Object Types List setting, make any adjustment to the list order by using the Up and Down buttons.
5.
Click the Save button to save any changes you may have made.
6.
To put the security policy changes into effect immediately, click the Apply Policy button in the editing context area.
A confirmation popup screen opens.
7.
Click OK.
The system applies the updated security policy.
Web objects are the pages and images that compose the web application. Wildcard web objects use wildcard characters in the web object name. When you are building a security policy, using wildcard web objects reduces the number of false positives. You can also use wildcard web objects in a security policy when you do not want the maintenance overhead of explicit web objects. By using wildcard objects, you can configure security checks for a set of objects, rather than configuring the security checks for each individual object.
You can create a wildcard object so that requests do not generate violations based on the requested object. If create a wildcard object, and also enable tightening, then you can quickly learn which web objects are in the protected web application.
2.
In the editing context area, ensure that the edited web application and security policy are those that you want to update.
3.
Above the Objects List area, click Create.
The New Object screen opens.
4.
In the Create New Object area, for the Object Name setting, select Wildcard from the list, and then type a wildcard string in the box (for example, *).
5.
Check the Perform Tightening setting if you want the system to display explicit objects that match the wildcard entity pattern that you specify.
6.
For the Protocol setting, select the web applications protocol.
7.
For the Object Description setting, type an optional description of the web object.
8.
On the Meta Characters tab, check the Check characters on this object setting if you want the system to verify the characters in the object name. Note that if you do enable this setting, the screen refreshes, and displays additional meta character settings.
9.
From the Available list, select (by clicking) any meta character that you want to specifically enforce for this object, and use the Move button (<<) to add the meta character to the Assigned list.
Note: The Assigned meta character settings override the global settings for the web applications character set.
10.
Click the Create button to add the wildcard object to the security policy.
The screen refreshes, and displays the updated Objects List screen.
11.
To put the security policy changes into effect immediately, click the Apply Policy button in the editing context area.
A confirmation popup screen opens.
12.
Click OK.
The system applies the updated security policy.
Tip: If you enabled the Perform Tightening setting (step 5, previous), then you can review any newly-found entities on the Entities screen. For more information, see Working with learning suggestions for new entities.
2.
In the editing context area, ensure that the edited web application and security policy are those that you want to update.
3.
In the Objects List area, in the Object column, click the name of the object that you want to modify.
The Object Properties screen opens.
5.
Click the Update button to update the security policy with any changes you may have made.
The screen refreshes, and displays the Objects List screen.
6.
To put the security policy changes into effect immediately, click the Apply Policy button in the editing context area.
A confirmation popup screen opens.
7.
Click OK.
The system applies the updated security policy.
2.
In the editing context area, ensure that the edited web application and security policy are those that you want to update.
3.
In the Objects List area, in the Select column (far left), check the box next to the wildcard object that you want to remove, and then click the Delete button.
The system displays a popup confirmation screen.
4.
Click OK.
The system deletes the wildcard object from the configuration.
5.
To put the security policy changes into effect immediately, click the Apply Policy button in the editing context area.
A confirmation popup screen opens.
6.
Click OK.
The system applies the updated security policy.
When you have configured more than one wildcard object, you can set the enforcement order, which is the order in which the Policy Enforcer searches for a match within those wildcard objects. If the Policy Enforcer finds a match in the wildcard objects, the Policy Enforcer then applies the security checks that are associated with that wildcard entity to the matching entity.
Tip: When you are setting the enforcement order, we recommend that you order the wildcard entities from most-specific to least-specific.
2.
On the menu bar, click Order Wildcards.
The Order Wildcards screen opens.
3.
In the editing context area, ensure that the edited web application and security policy are those that you want to update.
4.
In the Order Wildcards area, for the Wildcard Objects List setting, make any adjustment to the list order by using the Up and Down buttons.
5.
Click the Save button to save any changes you may have made.
6.
To put the security policy changes into effect immediately, click the Apply Policy button in the editing context area.
A confirmation popup screen opens.
7.
Click OK.
The system applies the updated security policy.
Wildcard parameters are those parameters whose name or value contains wildcard characters. You can use wildcard parameters to reduce the number of Illegal parameter violations you receive when you are creating a security policy. You can also use wildcard parameters when you want to build a security policy that does not enforce explicit parameters.
1.
2.
In the editing context area, ensure that the edited web application and security policy are those that you want to update.
3.
Above the Parameters List area, click Create.
The New Parameter screen opens.
4.
In the Create New Parameter area, for the Parameter Name setting, select Wildcard from the list, and then type a wildcard string in the box (for example, *).
5.
For the Parameter Level setting, select the appropriate option for this wildcard parameter.
The screen refreshes to display additional settings, depending on the parameter level that you select.
6.
Check the Perform Tightening setting if you want the system to display explicit parameters that match the wildcard entity pattern that you specify.
7.
Check the Allow Empty Value setting if the parameter does not require a value.
8.
For the Parameter Value Type setting, select the appropriate type from the list.
The screen refreshes to display additional settings that are relevant to the parameter value type that you selected.
Note: For detailed information regarding the parameter value type options, refer to Understanding parameter types.
9.
Configure the remaining settings as required, and then click the Create button.
The screen refreshes, and displays the new wildcard parameter.
10.
To put the security policy changes into effect immediately, click the Apply Policy button in the editing context area.
A confirmation popup screen opens.
11.
Click OK.
The system applies the updated security policy.
Note: If you enabled the Perform Tightening setting (step 6, previous), then you can review any newly-found entities on the Entities screen. For more information, see Working with learning suggestions for new entities.
There may be occasions when you need to modify the settings for an existing wildcard parameter. You can change the parameter properties, but you cannot change the parameter name.
1.
2.
In the editing context area, ensure that the edited web application and security policy are those that you want to update.
3.
In the Parameters List area, in the Parameter Name column, click the name of the wildcard parameter that you want to modify.
The [Global/Object/Flow] Parameter Properties screen opens.
5.
Click the Update button to update the security policy with any changes you may have made.
The screen refreshes, and displays the Parameters List screen.
6.
To put the security policy changes into effect immediately, click the Apply Policy button in the editing context area.
A confirmation popup screen opens.
7.
Click OK.
The system applies the updated security policy.
1.
2.
In the editing context area, ensure that the edited web application and security policy are those that you want to update.
3.
In the Parameters List area, in the Select column (far left), check the box next to the wildcard parameter that you want to remove, and then click the Delete button.
The system displays a popup confirmation screen.
4.
Click OK.
The system deletes the wildcard parameter from the configuration.
5.
To put the security policy changes into effect immediately, click the Apply Policy button in the editing context area.
A confirmation popup screen opens.
6.
Click OK.
The system applies the updated security policy.
When you have configured more than one wildcard parameter, you can set the enforcement order, which is the order in which the Policy Enforcer searches for a match within those wildcard parameters. If the Policy Enforcer finds a match in the wildcard parameters, the Policy Enforcer then applies the security checks that are associated with that wildcard entity to the matching entity. For wildcard parameters, the system looks for matches in this order: flow parameters, object parameters, then global parameters.
Tip: When you are setting the enforcement order, we recommend that you order the wildcard entities from most-specific to least-specific.
1.
2.
On the menu bar, click Order Wildcards.
The Order Wildcards screen opens.
3.
In the editing context area, ensure that the edited web application and security policy are those that you want to update.
4.
In the Order Wildcards area, for the Global Parameters Wildcards List, the Object Parameters Wildcards List, and the Flow Parameters Wildcards List options, make any adjustment to the lists order by using the Up and Down buttons for each option.
5.
Click the Save button to save any changes you may have made.
6.
To put the security policy changes into effect immediately, click the Apply Policy button in the editing context area.
A confirmation popup screen opens.
7.
Click OK.
The system applies the updated security policy.
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)