Manual: Configuration Guide for the BIG-IP Application Security Module, version 9.2.2

Original Publication Date: 12/12/2005

Table of Contents

Legal Notices

Introducing the Application Security Module

Introducing the BIG-IP system

Overview of the BIG-IP Application Security Module

Summary of the Application Security Module features

Introducing application security for the BIG-IP Local Traffic Manager

Highlights of this configuration guide

Using the Configuration utility

Browser support for the Configuration utility

Identifying referrer objects in the Configuration utility

Stylistic conventions in this document

Using the solution examples

Identifying new terms

Identifying references to products

Identifying references to objects, names, and commands

Identifying references to other documents

Identifying command syntax

Finding help and technical support resources

Essential Configuration Tasks

Overview of the essential configuration tasks

Defining an Application Security Class

Defining a local traffic virtual server and pool

Associating a pool with the Application Security Class

Determining the required security level for the web application

Understanding the security levels

Understanding positive security logic

Configuring and testing the security policy

Testing the security policy with safe traffic

Overview of the Learning process

Special considerations for APC security policies

Transitioning the security policy into blocking mode

Activating blocking mode on the security policy

Setting the active policy for the web application

Maintaining and monitoring the security policy

Working With the Security Policy

What is a security policy?

Building a security policy for a web application

Chapter overview

Working with the security policy properties

Working with the general policy properties

Configuring the security level

Configuring the blocking mode

Configuring the maximum HTTP header length

Configuring the maximum cookie header length

Configuring the flow mode

Overview of the Policy Builder tools

Working with the Blocking Response Page property

Working with the Sensitive Parameters property

Working with the Allowed Modified Cookies property

Working with the Allowed Methods property

Working with the Navigation Parameters property

Working with the security policy elements

Working with the Object Types element

Working with the Web Objects element

Working with the Flows element

Working with the Character Sets element

Working with the Negative Regular Expressions element

Setting the active policy for a web application

Working with the Blocking Policy settings

Configuring alarms and blocking

Understanding security policy violations

Maintaining a security policy

Editing an existing security policy

Copying a security policy

Exporting a security policy

Importing a security policy

Deleting a security policy

Restoring a deleted security policy

Viewing the security policy using the policy audit tools

Refining the Security Policy with Learning Tools

Overview of the Learning tools

Configuring the Learning accept mode

Working with the learning suggestions generated by the Learning Manager

Viewing a specific learning suggestion

Viewing the requests that trigger learning suggestions

Viewing the details of a specific request

Processing the learning suggestions generated by the Learning Manager

Accepting a learning suggestion

Clearing a learning suggestion

Rejecting a learning suggestion

Additional considerations when processing learning suggestions

Working with learning suggestions generated by the Crawler tool

Overview of the Auto-Accept tool

Important considerations regarding the Auto-Accept tool

Configuration limitations of the Auto-Accept tool

Configuring the Auto-Accept tool settings

Running the Auto-Accept tool

Overview of the Forensics screen

Overview of the Ignored Items screen

Working with the Crawler Tool

What is the Crawler tool?

Enhancing the Crawler tool's data collection process

Refining security policies using the Crawler tool and the Learning process

Configuring the Crawler tool settings

Configuring a Crawler domain

Configuring the Start Points component

Configuring the Form Fillers component

Configuring Page Not Found Criteria component

Configuring the Logout Pages component

Configuring the Properties components

Configuring the HTTP Authentication component

Configuring the Object Types Associations component

Running the Crawler tool

Running the Crawler tool in Learning mode

Using the Crawler in Learning mode to update new security policies

Using the Crawler in Learning mode to update existing security policies

Configuring the Crawler tool to run in Learning mode

Using the Policy Browser to collect web application data

Downloading and installing the Policy Browser software

Running the Policy Browser

Configuring the Crawler tool to use the Policy Browser output file

Working with the Statistics and Monitoring Tools

Overview of the statistics and monitoring tools

Working with the Events report

Filtering the Monitoring list

Saving and restoring the events data

Working with the Security reports

Viewing the Security reports

Filtering the Security reports

Working with the Attacks reports

Viewing the Attacks reports

Filtering the Attacks reports

Working with the Executive reports

Viewing the Executive reports

General System Options

Configuring users for policy editing only

Viewing the application security log files

Working with the system-supplied regular expressions

Associating a negative regular expression with a web application object