Applies To:

Show Versions Show Versions

Manual Chapter: Working with Web Applications
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

In the Application Security Manager, a web application is the logical representation of the application traffic, defined in the application security class, that you are protecting with a security policy. When you create an application security class, the system automatically creates a corresponding web application and a default security policy for the web application.
Once you have created any application security classes, you can review the corresponding list of web applications within the application security configuration. The web applications list provides the following summary information:
1.
On the Main tab of the Application Security navigation pane, click Web Applications.
The Web Applications screen opens.
4.
Click a logging profile to view or modify its properties.
Note that you can modify only user-defined logging profiles.
In the Application Security Manager, the web application properties specify the general attributes and preferences for the web application itself. The web application properties help refine how the Application Security Manager processes requests for the web application. The web application properties include:
1.
On the Main tab of the Application Security navigation pane, click Web Applications.
The Web Applications screen opens.
2.
In the Name column, click a web application name.
The Web Application Properties screen opens, where you can view and modify the web applications properties.
Important: For new, unconfigured web applications, when you click the web application name, the Deployment Wizard starts. For more information on working with the Deployment Wizard, refer to BIG-IP® Application Security Manager: Getting Started Guide, which is available at https://support.f5.com.
Every web application has a language encoding that determines the character set that browsers use to display the application. The Application Security Manager supports multiple language encodings. You set the application language so that the Application Security Manager validates the acceptable character set for the application. The Application Security Manager uses the encoding associated with the selected language for security policy editing purposes. The Security Enforcer also uses the language encoding for the web application when applying a security policy to a request.
Tip: For new web applications, setting the language encoding is a step in the Deployment Wizard. F5 recommends that you select the default, Auto detect, when it is available.
1.
On the Main tab of the Application Security navigation pane, click Web Applications.
The Web Applications screen opens.
2.
In the Name column, click the web application name that matches the application security class name.
The Web Application Properties screen opens.
3.
In the Deployment Wizard area, click the Run Deployment Wizard button.
The Deployment Wizard starts.
4.
On the Configure Web Application Properties screen, accept the default property of Auto detect for the Application Language setting.
Note: The language encoding selection is not available for an existing web application when using the Deployment Wizard. For more information about modifying the language encoding selection, see Returning a web application to a new, unconfigured state. For more information on using the Deployment Wizard, refer to BIG-IP® Application Security Manager: Getting Started Guide.
The active security policy is the security policy that the Application Security Manager uses to validate requests for, and responses from, the web application. Only one security policy can be active at a time, even though you may have several security policies configured for the web application.
1.
On the Main tab of the Application Security navigation pane, click Web Applications.
The Web Applications screen opens.
2.
In the Name column, click a web application name.
The Web Application Properties screen opens.
3.
In the Web Application Properties area, from the Active Security Policy list, select the security policy that you want to be the active security policy for the web application. Note that the system automatically enables (checks) the Apply Policy setting when you change the Active Security Policy setting on this screen.
4.
Click Update.
The screen refreshes, and in the Active Security Policy list, you see [A] next to the new active security policy.
Important: You can set the active security policy from most screens in the Configuration utility, in addition to setting it from the Web Application Properties screen, as described above. For more information, see Setting the active policy for a web application.
The default logging profiles determine whether the system logs every request for a web application, logs only those requests that violate the active security policy, or does not log any requests. The logging profile also specifies whether the requests data is stored locally or remotely. You can use a system-supplied logging profile, or you can create a user-defined logging profile. Refer to Configuring logging profiles for web application data, for more information.
Tip: If your web application receives a high volume of requests, you may want to log only those requests that violate the active security policy so that the system resources are not overburdened.
1.
On the Main tab of the Application Security navigation pane, click Web Applications.
The Web Applications screen opens.
2.
In the Name column, click a web application name.
The Web Application Properties screen opens.
3.
In the Web Application Properties area, for the Logging Profile setting, select one of the following options:
Log all requests: Select this option if you want the system to log every request for this web application.
Log illegal requests: Select this option if you want the system to log only requests which trigger a violation according to the currently-active security policy.
No logging: Select this option if you do not want the system to log any requests for this web application.
4.
Click Update.
The system updates the configuration with any changes you may have made.
There may be circumstances when you want to remove all security policies, requests, logging, and configuration information from a web application, and set the web application back to a new, non-configured state. You can do this by using the Reconfigure button on the Web Application Properties screen.
Important: Using the Reconfigure button to clear the configuration information for a web application is a permanent action, and cannot be undone. Use this setting with caution.
1.
On the Main tab of the Application Security navigation pane, click Web Applications.
The Web Applications screen opens.
2.
In the Name column, click a web application name.
The Web Application Properties screen opens.
3.
Above the Web Application Properties area, click the Reconfigure button.
A confirmation popup screen opens.
4.
Click OK to complete the reset action.
The system deletes all data associated with this web application from the configuration.
A web application group is a collection of web applications within the Application Security Manager configuration. Web application groups are made up of two or more web applications. A web application can belong to more than one web application group, however, a web application does not have to belong to a web application group. The Application Security Manager lists web applications that are not members of any web application group in the ungrouped area of the Web Application Groups screen. Recall that there is a one-to-one relationship between application security classes and web applications. In many cases, you may have several application security classes (and thus, web applications) configured for one actual web-based application. You can create a web application group, and then use that group to consolidate the requests, events, and log information about the actual web application.
When you create a web application group, you are creating an association between the member web applications. Once you have created a web application group, you can view statistics, logging, and security events in the context of the web application group, in addition to the individual web applications themselves.
1.
On the Main tab of the Application Security navigation pane, click Web Applications.
The Web Applications screen opens.
2.
On the menu bar, click Web Application Groups.
The Web Application Groups screen opens.
3.
Click the Create button.
The Group Properties screen opens.
4.
In the Name box, type a name for the group.
5.
For the Web Applications setting, from the Available list, select the web applications that you want to add to the new web application group, and use the Move (<<) button to add them to the Members list.
6.
Click Save to update the configuration with the new web application group.
If you no longer require the web application group, you can easily remove the group from the configuration. Note that this action does not delete the web applications themselves.
1.
On the Main tab of the Application Security navigation pane, click Web Applications.
The Web Applications screen opens.
2.
On the menu bar, click Web Application Groups.
The Web Application Groups screen opens.
3.
Check the Select box next to the web application group that you want to delete, and then click Delete.
A confirmation popup screen opens.
4.
Click OK.
The system deletes the web application group.
There are two situations in which the Application Security Manager automatically disables web applications. These situations occur when you:
Disable the Application Security setting on an application security class
The system disables the web application because a web application must have a corresponding application security class.
When the system disables a web application, it moves the web application state from enabled to disabled. You can review the web application state on the Web Applications screen
1.
On the Main tab of the Application Security navigation pane, click Web Applications.
The Web Applications screen opens.
2.
In the Web Applications area, in the State column, you can see which web applications are enabled and which web applications are disabled.
You can re-enable a disabled web application either by creating an application security class with the same name as the disabled web application, or by re-enabling the Application Security setting for an existing application security class. In both cases, the system automatically re-enables the disabled web application, as long as the application security class has the same name, exactly, as the disabled web application.
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)