Applies To:

Show Versions Show Versions

Manual Chapter: Internal Parameters for Advanced Configuration
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

The Application Security Manager has several internal parameters that control how the product functions. In most cases, you do not need to change the internal parameters from their default settings. Table D.1 lists the internal parameters, their default values, and a description of their purpose.
Important: F5 Networks recommends that you change the values of parameters only with the guidance of Technical Support.
Specifies, when set to 0, that if a request arrives with no main ASM cookie (entry point) then every domain cookie that is not configured as an allowed cookie is considered an illegal domain cookie.
When set to 1, all cookies are accepted at entry points.
11112222333344445555666677778888 (key)
Allows the Security Enforcer to determine the time (in seconds) for which the ASM cookie data is valid.
Specifies the maximum age value (in seconds) assigned to the Max-Age attribute of the ASM cookie. When set to 0, ASM cookies never expire.
Defines how often the Security Enforcer renews the ASM cookie time. This internal parameter is tightly coupled with cookie_expiration_time_out (in seconds).
Defines a maximum URI length that the Security Enforcer can support in its internal buffers. If this number is higher (more permissive) than the internal URI-length limit defined per file type, the internal file-type limit is the actual limit. Exceeding this internal limit triggers the HTTP protocol compliance failed violation.
^\s*[+-]?\d*(\.\d+)?\s*$ (regular expression)
Specifies the regular expression that defines a valid pattern for parameter values of type decimal.
^\s*([\w.-]+)@([\w.-]+)\s*$ (regular expression)
Specifies the regular expression that defines a valid pattern for parameter values of type email.
^\s*[0-9 ()+-]+\s*$
(regular expression)
Specifies the regular expression that defines a valid pattern for parameter values of type phone number.
Specifies the maximum number of concurrent FTP connections that the Protocol Security Module can manage.
Specifies the maximum number of cryptographic operations allowed per document by Web Services encryption and decryption.
Specifies the maximum number of concurrent sessions that the Security Enforcer can handle.
Specifies the maximum number of concurrent SMTP connections that the Protocol Security Module can manage.
Specifies the maximum number of violation entries per violation type kept in memory. Note that this parameter applies only to the security profiles in the Protocol Security Module.
Specifies the maximum number of concurrent long requests that the Security Enforcer can handle. A long request is a request longer than request_buffer_size and less than long_request_buffer_size.
Specifies, when set to 1, that data collection is enabled for both the graphs on the Overview screen and also for the Denial of Service attack prevention feature.
When set to 0, data collection is disabled.
Specifies how the system distinguishes between HTTP and HTTPS URLs. If the value is -1, the system decides whether the object requested is an HTTP request or an HTTPS request based on the incoming traffic. If the value is 0, the system treats all incoming URL requests as HTTP requests. If the value is 1, the system treats all incoming URL requests as HTTPS requests.
Specifies the number of requests per second that the Security Enforcer can enter into the proxy log.
Specifies the maximum buffer size for a single instance of the accumulated response buffers. The system accumulates response buffers until their total size reaches the max_filtered_html_length.
0 (number of CPUs determines number of threads)
Specifies, when the value is greater than zero, the number of threads that the Security Enforcer uses for protocol security. When the value is 0, the number of CPUs in the system determines the number of threads.
0 (number of CPUs determines number of threads)
Specifies, when the value is greater than zero, the number of threads that the Security Enforcer uses for application security. When the value is 0, the number of CPUs in the system determines the number of threads.
Specifies the maximum memory size (in kilobytes) available for the Security Enforcers memory pools.
1.
In the Application Security navigation pane, click Options.
The Attack Signatures screen opens.
2.
On the menu bar, click Advanced Configuration.
The Advanced Configuration screen opens, where you can review the settings for the internal parameters.
Important: F5 Networks recommends that you change the values for the internal parameters only with the guidance of the technical support staff.
If you change any of the parameter values for the internal parameters, it is easy to restore the default settings for those values.
1.
In the Application Security navigation pane, click Options.
The Attack Signatures screen opens.
2.
On the menu bar, click Advanced Configuration.
The Advanced Configuration screen opens.
3.
Above (or below) the Advanced Configuration area, click the Restore Defaults button.
The system resets any changed parameter values to their factory settings.
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)