Manual Chapter: Configuration Guide for the BIG-IP® Application Security Module: General System Options


7

General System Options


Configuring users for policy editing only

When you use the Application Security Module on the BIG-IP Local Traffic Manager, the LTM system provides a user role specifically designed for security policy management. You can assign the Policy Editor user role to personnel who can edit the security policies but cannot change any of the LTM settings. For additional information on user roles and user management, refer to the BIG-IP Network and System Management Guide, which is available on the AskF5 web site, http://tech.f5.com.

To assign the Policy Editor user role to a user

  1. On the Main tab of the navigation pane for the Local Traffic Manager, expand System, and then click Users.
    The User list screen opens.
  2. Click the Create button.
    The New User Account Properties screen opens.
  3. In the User Name box, type the user's name.
  4. In the Authentication box, type and confirm the user's password.
  5. In the Web User Role list, select Application Security Policy Editor.
  6. Click Finished.
    The screen refreshes and you see the new user account in the list.

Viewing the application security log files

The system log files for the Application Security Module are accessible from the Configuration utility for the Local Traffic Manager. Note that these are the log files for general system events and user activity. Security violation events are displayed in the Configuration utility for the Application Security Module. For more information on logging in general, and on logging for the Local Traffic Manager, refer to the BIG-IP Network and System Management Guide, which is available on the AskF5 web site, http://tech.f5.com.

To view the application security log files

  1. On the Main tab of the navigation pane for the Local Traffic Manager, expand System, and then click Logs.
    The System Logs list screen opens.
  2. On the menu bar, click Application Security.
    The Application Security log list screen opens, where you can review the logged entries.

Working with the system-supplied regular expressions

The Application Security Module provides a large assortment of regular expressions and negative regular expressions. You can view and manage this pool of regular expressions outside the context of a security policy. If you are unfamiliar with regular expression syntax, many helpful books are available from technology book web sites.

Important

In general, we recommend that you use the system-supplied regular expressions as is. If you are an advanced user, and you are familiar with POSIX-compliant regular expressions, then you may want to create custom regular expressions.

To view the system-supplied regular expressions

  1. On the Main tab of the navigation pane, expand Application Security, and then click Options.
    The RegExp Pool screen opens.
  2. In the Used in Policy column, you can see whether the regular expression is used by one of the security policies in the configuration.
  3. On this screen, you can also create, edit, or delete a regular expression from the general pool.

To view the default negative regular expressions

  1. On the Main tab of the navigation pane, expand Application Security, and then click Options.
    The RegExp Pool screen opens.
  2. On the menu bar, click Negative RegExp Defaults.
    The Negative RegExp Policy Defaults screen opens.

Associating a negative regular expression with a web application object

When you create a new security policy, the system automatically associates many of the regular expressions in the default pool with the appropriate web application object or objects. The default settings are sufficient in most cases, and provide an acceptable level of security for the web application. If your web application requires additional security beyond the system settings, you can assign the regular expressions in the default pool to any of the following web application objects: object path, headers, parameter key and value pairs, and web server response.

To assign an expression to an application object

  1. On the Main tab of the navigation pane, expand Application Security, and then click Options.
    The RegExp Pool screen opens.
  2. On the menu bar, click Negative RegExp Defaults.
    The Negative RegExp Policy Defaults screen opens.
  3. Click the Create button above the list.
    The New Negative RegExp screen opens.
  4. In the RegExp Name list, select the name of the regular expression you want to associate with an application object.
  5. In the Apply To list, select the web application object with which you want to associate the selected regular expression.
    Option                   Applies the regular expression to
    Object                   The object path of the request.
    Response                 Web application errors that occur as a result of an attempted attack on the web application.
    Header value             The HTTP header in the request.
    Parameter=Value Pairs    The parameter key and value pairs included in the request, both in the query string and in the POST data.
  6. In the Except RegExp box, you can type a regular expression that defines an exception to the rule defined by the regular expression you selected in the RegExp Name list.
  7. Click the Save button.
    The screen refreshes, and the new regular expression definition appears in the list.
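
The following is an added example, not code from the manual or from the Application Security Module: a small model of how a negative regular expression, its Apply To setting, and an Except RegExp combine, useful for checking a custom expression and its exception against sample traffic before saving it. The rule names, patterns, and sample request are constructed, the patterns stay within syntax common to POSIX extended expressions and Python's re module, and testing the exception against the same string as the negative expression is an assumption about the module's behavior.

```python
import re
from urllib.parse import parse_qsl, urlsplit

def targets(apply_to, req):
    """Strings a rule inspects for each Apply To option (assumed model)."""
    url = urlsplit(req["url"])
    if apply_to == "Object":
        return [url.path]
    if apply_to == "Response":
        return [req["response"]]
    if apply_to == "Header value":
        return list(req["headers"].values())
    if apply_to == "Parameter=Value Pairs":
        pairs = parse_qsl(url.query, keep_blank_values=True)
        pairs += parse_qsl(req["post_data"], keep_blank_values=True)
        return [f"{key}={value}" for key, value in pairs]
    raise ValueError(f"unknown Apply To option: {apply_to}")

def violations(rules, req):
    """Return (rule name, Apply To, value) for each unexempted match."""
    hits = []
    for name, apply_to, negative, exception in rules:
        for value in targets(apply_to, req):
            if not re.search(negative, value, re.IGNORECASE):
                continue
            # Assumption: Except RegExp is tested against the same string.
            if exception and re.search(exception, value, re.IGNORECASE):
                continue
            hits.append((name, apply_to, value))
    return hits

# Constructed rules: (name, Apply To, negative RegExp, Except RegExp).
RULES = [
    ("traversal", "Object", r"\.\./", None),
    ("db-error", "Response", r"SQL syntax|ODBC", None),
    ("script-tag", "Header value", r"<script", None),
    ("sql-keywords", "Parameter=Value Pairs", r"union +select", r"^notes="),
]
# Constructed request/response pair for the demonstration.
SAMPLE = {
    "url": "/app/../admin/report?id=1+union+select+2&notes=union+select+committee",
    "headers": {"User-Agent": "constructed-client/1.0"},
    "post_data": "q=hello",
    "response": "You have an error in your SQL syntax",
}

if __name__ == "__main__":
    for hit in violations(RULES, SAMPLE):
        print(hit)
```

The free-text notes parameter matches the same negative expression as id, but the exception exempts it, which is the kind of false-positive tuning the Except RegExp box is for.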


