Applies To:

Show Versions Show Versions

Manual Chapter: Working with Wildcard Entities
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

10 
Wildcard entities are web application entities in the security policy that contain one or more shell-style wildcard characters. You can use wildcard entities to represent file types, URLs, and parameters. Wildcard entities provide flexibility for security policy building. By using wildcard entities, you can efficiently build a security policy without in-depth knowledge of the web application, and reduce the number of violations and false-positives during the initial stages of building a security policy.
The syntax for wildcard entities is based on shell-style wildcard characters. Table 10.1 lists the wildcard characters that you can use in a wildcard entity name.
The easiest wildcard entity to configure is *, which the system interprets as match everything. You can use the * character on its own, or within an entity name.
Important: If you add to the security policy a wildcard URL that does not begin with the asterisk (*) character (for example a*b), the system does not automatically add the slash (/) character before it. You must manually add the slash (/) character before this type of URL for the system to enforce it.
When you configure a wildcard entity, you have the option to enable tightening for that entity. When you enable tightening for a wildcard entity, and the system receives a request that contains an entity that matches the wildcard entity, the system generates a learning suggestion for the found entity. You can then review the new entities, and decide which are legitimate entities for the web application.
Conversely, if the Policy Builder is active, and the traffic source is trusted (either by definition or because of heuristic decisions), the Security Enforcer automatically adds the new specific entity to the security policy.
Important: When you accept learning suggestions, you explicitly add entities to the security policy. The next time the system receives a request with that entity, the Security Enforcer applies the security policy to the explicit entry, and not to its parent wildcard entity. Note also that excessive acceptance of explicit entities may result in security-policy maintenance becoming difficult.
1.
2.
3.
In the New Entities area, in the Entity Type column, click the entity type name (File Types, URLs, or Parameters).
The corresponding new entity type screen opens, where you can review the found entities and the number of occurrences of the found entity. You can click the number of occurrences to open the Requests List for the specific entity type (File Types, URLs, or Parameters).
Tip: The entity type name becomes a hyperlink only when the Security Enforcer has found new entities of that type.
Check for explicit matches
First, the Security Enforcer checks for an explicit match, that is, the Security Enforcer scans the security policy to verify whether it contains the exact entity. If the security policy contains an explicit matching entity, then the system applies the checks that are specified for that entity.
Check for wildcard matches
If the security policy does not contain an explicit matching entity, then the system checks the wildcard entities to determine whether any of them match the requested entity. If the system finds a wildcard match, then the Security Enforcer applies any applicable security checks. If you have enabled tightening for the wildcard entity, then the Security Enforcer generates a learning suggestion for the new entity, which the system displays on the New Entities screen.
If the Security Enforcer does not find an explicit match or a wildcard match, then the system generates a violation for the offending entity. If the triggered violation is in blocking mode, then the system drops the request and sends the Blocking Response page to the client.
File types represent the file type extensions of the files that make up the web application. For example, htm, jsp, and gif are all file types. When you are first building a security policy, you can configure wildcard file types so that the Security Enforcer does not generate false-positive violations.
You can create a wildcard file type so that requests do not generate violations based on the requested file type. If you create a wildcard file type, and also enable tightening, then you can quickly learn which file types are in the protected web application.
1.
On the Main tab of the Application Security navigation pane, click File Types.
The Allowed File Types List screen opens.
2.
In the editing context area, ensure that the edited web application and security policy are those that you want to update.
3.
Above the Allowed File Types List area, click Create.
The New Allowed File Type screen opens.
4.
In the Allowed File Type Properties area, for the File Type setting, select Wildcard from the list, and then type a wildcard string in the box (for example, *).
5.
Check the Perform Tightening setting if you want the system to display file types that match the wildcard entity pattern that you specify.
7.
8.
Click the Create button to add the wildcard file type to the security policy.
The screen refreshes, and displays the updated Allowed File Types List screen.
9.
To put the security policy changes into effect immediately, click the Apply Policy button in the editing context area.
A confirmation popup screen opens.
10.
Click OK.
The system applies the updated security policy.
1.
On the Main tab of the Application Security navigation pane, click File Types.
The Allowed File Types List screen opens.
2.
In the editing context area, ensure that the edited web application and security policy are those that you want to update.
3.
In the Allowed File Types List area, in the Type column, click the name of the file type that you want to modify.
The Edit Allowed File Type screen opens.
5.
Click the Update button to update the security policy with any changes you may have made.
The screen refreshes, and displays the Allowed File Types List screen.
6.
To put the security policy changes into effect immediately, click the Apply Policy button in the editing context area.
A confirmation popup screen opens.
7.
Click OK.
The system applies the updated security policy.
1.
On the Main tab of the Application Security navigation pane, click File Types.
The Allowed File Types List screen opens.
2.
In the editing context area, ensure that the edited web application and security policy are those that you want to update.
3.
In the Allowed File Types List area, in the Select column (far left), check the box next to the wildcard file type that you want to remove, and then click the Delete button.
The system displays a popup confirmation screen.
4.
Click OK.
The system deletes the wildcard file type from the configuration.
5.
To put the security policy changes into effect immediately, click the Apply Policy button in the editing context area.
A confirmation popup screen opens.
6.
Click OK.
The system applies the updated security policy.
When you have configured more than one wildcard file type, you can set the enforcement order, which is the sequence in which the Security Enforcer searches for a match within those wildcard file types. If the Security Enforcer finds a match in the wildcard file types, the Security Enforcer then applies the security checks that are associated with that wildcard entity to the matching entity.
When you are setting the enforcement order, we recommend that you order the wildcard entities from most-specific to least-specific.
1.
On the Main tab of the Application Security navigation pane, click File Types.
The Allowed File Types List screen opens.
2.
On the menu bar, click Order Wildcards.
The Order Wildcards screen opens.
3.
In the editing context area, ensure that the edited web application and security policy are those that you want to update.
4.
In the Order Wildcards area, for the Wildcard File Types List setting, make any adjustment to the list order by using the Up and Down buttons.
5.
Click the Save button to save any changes you may have made.
6.
To put the security policy changes into effect immediately, click the Apply Policy button in the editing context area.
A confirmation popup screen opens.
7.
Click OK.
The system applies the updated security policy.
URLs represent the pages and images that compose the web application. Wildcard URLs use wildcard characters in the URL name. When you are building a security policy, using wildcard URLs reduces the number of false-positives. You can also use wildcard URLs in a security policy when you do not want the overhead of maintaining of explicit URLs. By using wildcard URLs, you can configure security checks for a set of URLs, rather than configuring the security checks for each individual URL.
You can create a wildcard URL so that requests do not generate violations based on the requested URL. If you create a wildcard URL and also enable tightening, then you can quickly learn which URLs are in the protected web application.
2.
In the editing context area, ensure that the edited web application and security policy are those that you want to update.
3.
Above the URLs List area, click Create.
The New URL screen opens.
4.
In the Create New URL area, for the URL setting, select Wildcard from the list, and then type a wildcard string in the box (for example, *).
5.
Check the Perform Tightening setting if you want the system to display explicit URLs that match the wildcard entity pattern that you specify.
6.
For the Protocol setting, select the web applications protocol.
7.
Check the XML setting if you want the system to check XML data for the wildcard entity pattern.
8.
For the URL Description setting, type an optional description of the URL.
9.
On the Meta Characters tab, clear the Check characters on this URL setting if you do not want the system to verify the characters in the URL name. If you enable this setting (default), the screen refreshes, and displays additional meta character settings.
10.
From the Global Security Policy Settings list, select (by clicking) any meta character that you want to specifically enforce for this URL, and use the Move button (<<) to add the meta character to the Overridden Security Policy Settings list.
Note: The Overridden Security Policy Settings meta character selections override the global settings for the web applications character set.
11.
Click the Create button to add the wildcard URL to the security policy.
The screen refreshes, and displays the updated URLs List screen.
12.
To put the security policy changes into effect immediately, click the Apply Policy button in the editing context area.
A confirmation popup screen opens.
13.
Click OK.
The system applies the updated security policy.
Tip: If you enabled the Perform Tightening setting (step 5, previous), then you can review any newly-found entities on the New Entities screen. For more information, see Working with learning suggestions for new entities.
2.
In the editing context area, ensure that the edited web application and security policy are those that you want to update.
3.
In the URLs List area, in the URL column, click the name of the URL that you want to modify.
The URL Properties screen opens.
5.
Click the Update button to update the security policy with any changes you may have made.
The screen refreshes, and displays the URLs List screen.
6.
To put the security policy changes into effect immediately, click the Apply Policy button in the editing context area.
A confirmation popup screen opens.
7.
Click OK.
The system applies the updated security policy.
2.
In the editing context area, ensure that the edited web application and security policy are those that you want to update.
3.
In the URLs List area, in the Select column (far left), check the box next to the wildcard URL that you want to remove, and then click the Delete button.
The system displays a popup confirmation screen.
4.
Click OK.
The system deletes the wildcard URL from the configuration.
5.
To put the security policy changes into effect immediately, click the Apply Policy button in the editing context area.
A confirmation popup screen opens.
6.
Click OK.
The system applies the updated security policy.
When you have configured more than one wildcard URL, you can set the enforcement order, which is the order in which the Security Enforcer searches for a match within those wildcard URLs. If the Security Enforcer finds a match in the wildcard URLs, the Security Enforcer then applies the security checks that are associated with that wildcard entity to the matching entity.
Tip: When you are setting the enforcement order, we recommend that you order the wildcard entities from most-specific to least-specific.
2.
On the menu bar, click Order Wildcards.
The Order Wildcards screen opens.
3.
In the editing context area, ensure that the edited web application and security policy are those that you want to update.
4.
In the Order Wildcards area, for the Wildcard URLs List setting, make any adjustment to the list order by using the Up and Down buttons.
5.
Click the Save button to save any changes you may have made.
6.
To put the security policy changes into effect immediately, click the Apply Policy button in the editing context area.
A confirmation popup screen opens.
7.
Click OK.
The system applies the updated security policy.
You can use wildcard parameters to reduce the number of Illegal parameter violations you receive when you are creating a security policy. You can also use wildcard parameters when you want to build a security policy that does not enforce explicit parameters.
1.
2.
In the editing context area, ensure that the edited web application and security policy are those that you want to update.
3.
Above the Parameters List area, click Create.
The New Parameter screen opens.
4.
In the Create New Parameter area, for the Parameter Name setting, select Wildcard from the list, and then type a wildcard string in the box (for example, *).
5.
For the Parameter Level setting, select the appropriate option for this wildcard parameter.
The screen refreshes to display additional settings, depending on the parameter level that you select.
6.
Check the Perform Tightening setting if you want the system to display explicit parameters that match the wildcard entity pattern that you specify.
7.
Check the Allow Empty Value setting if the parameter does not require a value.
8.
For the Parameter Value Type setting, select the appropriate type from the list.
The screen refreshes to display additional settings that are relevant to the parameter value type that you selected.
Note: For detailed information regarding the parameter value type options, refer to Understanding parameter types.
9.
Configure the remaining settings as required, and then click the Create button.
The screen refreshes, and displays the new wildcard parameter.
10.
To put the security policy changes into effect immediately, click the Apply Policy button in the editing context area.
A confirmation popup screen opens.
11.
Click OK.
The system applies the updated security policy.
Note: If you enabled the Perform Tightening setting (step 6, previous), then you can review any newly-found entities on the New Entities screen. For more information, see Working with learning suggestions for new entities.
There may be occasions when you need to modify the settings for an existing wildcard parameter. You can change the parameter properties, but you cannot change the parameter name.
1.
2.
In the editing context area, ensure that the edited web application and security policy are those that you want to update.
3.
In the Parameters List area, in the Parameter Name column, click the name of the wildcard parameter that you want to modify.
The [Global/URL/Flow] Parameter Properties screen opens.
5.
Click the Update button to update the security policy with any changes you may have made.
The screen refreshes, and displays the Parameters List screen.
6.
To put the security policy changes into effect immediately, click the Apply Policy button in the editing context area.
A confirmation popup screen opens.
7.
Click OK.
The system applies the updated security policy.
1.
2.
In the editing context area, ensure that the edited web application and security policy are those that you want to update.
3.
In the Parameters List area, in the Select column (far left), check the box next to the wildcard parameter that you want to remove, and then click the Delete button.
The system displays a popup confirmation screen.
4.
Click OK.
The system deletes the wildcard parameter from the configuration.
5.
To put the security policy changes into effect immediately, click the Apply Policy button in the editing context area.
A confirmation popup screen opens.
6.
Click OK.
The system applies the updated security policy.
When you have configured more than one wildcard parameter, you can set the enforcement order, which is the order in which the Security Enforcer searches for a match within those wildcard parameters. If the Security Enforcer finds a match in the wildcard parameters, the Security Enforcer then applies the security checks that are associated with that wildcard entity to the matching entity. For wildcard parameters, the system looks for matches in this order: flow parameters, URL parameters, then global parameters.
The Security Enforcer always looks for a match on an explicit parameter first. If the explicit parameter is not found, the Security Enforcer looks for the next possible wildcard match on the current level, that is, flow, URL, or global. This process continues for each parameter level, as shown in Figure 10.1.
Tip: When you are setting the enforcement order, we recommend that you order the wildcard entities from most specific to least specific.
1.
2.
On the menu bar, click Order Wildcards.
The Order Wildcards screen opens.
3.
In the editing context area, ensure that the edited web application and security policy are those that you want to update.
4.
In the Order Wildcards area, for the Global Parameters Wildcards List, the URL Parameters Wildcards List, and the Flow Parameters Wildcards List options, make any adjustment to the lists order by using the Up and Down buttons for each option.
5.
Click the Save button to save any changes you may have made.
6.
To put the security policy changes into effect immediately, click the Apply Policy button in the editing context area.
A confirmation popup screen opens.
7.
Click OK.
The system applies the updated security policy.
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)