
Manual Chapter: Configuration Guide for BIG-IP® Application Security Management: 10 - General System Options


10

General System Options


Configuring a user account for policy editing only

The Application Security Manager provides a user role specifically designed for security policy management. You can assign the Application Security Policy Editor user role to those personnel who can edit the security policies, but cannot change any of the local traffic, network, or system settings. For additional information on user roles and user management, refer to the BIG-IP® Network and System Management Guide, which is available on the AskF5 web site at http://tech.f5.com.

To assign the Policy Editor user role to a user

  1. On the Main tab of the navigation pane for the BIG-IP system, expand System, and then click Users.
    The User list screen opens.
  2. Click the Create button.
    The New User Account Properties screen opens.
  3. In the User Name box, type the user's name.
  4. In the Authentication box, type and confirm the user's password.
  5. In the Web User Role list, select Application Security Policy Editor.
  6. Click Finished.
    The screen refreshes and you see the new user account in the list.

Viewing the application security log files

The system log files for the Application Security Manager are accessible from the Configuration utility for the BIG-IP system. Note that these are the log files for general system events and user activity. Security violation events are displayed in the Configuration utility for the Application Security Manager. For more information on logging in general, refer to the BIG-IP® Network and System Management Guide, which is available on the AskF5 web site, http://tech.f5.com.

To view the application security log files

  1. On the Main tab of the navigation pane for the BIG-IP system, expand System, and then click Logs.
    The System Logs list screen opens.
  2. On the menu bar, click Application Security.
    The Application Security log list screen opens, where you can review the logged entries.

Working with the system-supplied regular expressions

The Application Security Manager provides a large assortment of regular expressions and negative regular expressions. You can view and manage this pool of regular expressions outside the context of a security policy.

Note

If you are unfamiliar with regular expression syntax, you can find many helpful books at technology book web sites.

Overview of the regular expressions pool

The regular expressions pool contains all of the system-supplied negative regular expressions. These regular expressions represent known attack patterns. The regular expressions pool also contains any user-defined regular expressions.

To view the system-supplied regular expressions pool

  1. On the Main tab of the navigation pane, expand Application Security, and then click Options.
    The RegExp Pool screen opens.
  2. In the Used in Policy column, you can see whether the regular expression is used by one of the security policies in the configuration.
  3. On this screen, you can also create, edit, or remove a regular expression from the regular expressions pool.

Note

You cannot permanently delete system-supplied regular expressions.

Creating a user-defined regular expression

You can create a user-defined regular expression, and add it to the regular expressions pool.

Important

In general, we recommend that you use the system-supplied regular expressions as is. If you are an advanced user, and you are familiar with POSIX-compliant regular expressions, then you may want to create user-defined regular expressions to add to the regular expressions pool.

To create a user-defined regular expression

  1. On the Main tab of the navigation pane, expand Application Security, and then click Options.
    The RegExp Pool screen opens.
  2. Above the RegExp Pool area, click the Create button.
    The New RegExp screen opens.
  3. In the RegExp Name box, type a unique name for the regular expression.
  4. In the RegExp box, type the regular expression syntax.
  5. Optionally, in the Description box, type a description of the regular expression.
  6. Click the Save button.
    The screen refreshes, and the new regular expression is listed in the RegExp Pool list.

Important

We strongly recommend that you use the RegExp Validator to validate the syntax of any user-defined regular expressions.

Validating a user-defined regular expression

The RegExp Validator is a tool that you can use to ensure that a user-defined regular expression has valid syntax.

To use the RegExp Validator

  1. On the Main tab of the navigation pane, expand Application Security, and then click Options.
    The RegExp Pool screen opens.
  2. On the menu bar, click RegExp Validator.
    The RegExp Validator screen opens.
  3. In the RegExp box, type the regular expression syntax.
  4. In the Test String box, type a test string pattern.
  5. Click the Validate button.
    The screen refreshes and you see the results of the validation.
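
A pre-check that can be run before typing a pattern into the RegExp box, shown as an added example that is not part of the F5 manual. It assumes `grep -E` as a stand-in POSIX extended regular expression engine (the Application Security Manager engine may treat some constructs differently); the function names, candidate patterns, and test strings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not F5 code): test a candidate user-defined negative regular
# expression for syntax errors, missed matches, and false positives.
# Assumption: grep -E approximates the POSIX syntax the RegExp box accepts.

# regex_status RE STRING -> exit 0 = match, 1 = no match, 2 = invalid syntax
regex_status() {
    printf '%s\n' "$2" | grep -E -q -- "$1" 2>/dev/null
}

# evaluate RE MUST_MATCH MUST_NOT_MATCH  (newline-separated test strings)
# Prints "invalid", "ok", or "fail missed=<n> false_positive=<n>".
evaluate() {
    rc=0; regex_status "$1" "probe" || rc=$?
    if [ "$rc" -eq 2 ]; then echo "invalid"; return 0; fi
    missed=0; fp=0
    # Strings the pattern is expected to flag
    while IFS= read -r s; do
        [ -n "$s" ] || continue
        regex_status "$1" "$s" || missed=$((missed + 1))
    done <<EOF
$2
EOF
    # Legitimate strings the pattern must leave alone
    while IFS= read -r s; do
        [ -n "$s" ] || continue
        if regex_status "$1" "$s"; then fp=$((fp + 1)); fi
    done <<EOF
$3
EOF
    if [ "$missed" -eq 0 ] && [ "$fp" -eq 0 ]; then echo "ok"
    else echo "fail missed=$missed false_positive=$fp"; fi
}

# Constructed sample test strings (not taken from the F5 documentation).
MUST_MATCH='/download?file=../../conf/app.ini
/static/../../../x'
MUST_NOT='/docs/../index.html
/files/report..final/v2'

evaluate '(\.\./){2,}' "$MUST_MATCH" "$MUST_NOT"   # tight candidate
evaluate '\.\.'        "$MUST_MATCH" "$MUST_NOT"   # too broad: hits legitimate URLs
evaluate '(\.\./'      "$MUST_MATCH" "$MUST_NOT"   # unbalanced parenthesis
```

A pattern that reports false positives here would block legitimate requests once it is assigned to a security policy, so tighten it before saving it to the pool and then confirm the final syntax in the RegExp Validator.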

Overview of the default negative regular expressions pool for security policies

The default negative regular expressions pool is the collection of regular expressions that the system assigns to a security policy by default. The default pool is a subset of the regular expressions pool.

To view the default negative regular expressions pool

  1. On the Main tab of the navigation pane, expand Application Security, and then click Options.
    The RegExp Pool screen opens.
  2. On the menu bar, click Negative RegExp Defaults.
    The Negative RegExp Policy Defaults screen opens.

You can modify the default pool's contents on a global level, or within the context of a security policy. The following sections of this chapter explain how to modify the default pool on a global level. To modify the regular expressions within the context of a security policy, refer to Working with the negative regular expressions pool.

Adding a regular expression to the default negative regular expressions pool

You can add an existing regular expression to the default negative regular expressions pool. Note that the regular expression that you want to add must already be included in the regular expressions pool, which is explained in Overview of the regular expressions pool.

To add a regular expression to the default negative regular expressions pool

  1. On the Main tab of the navigation pane, expand Application Security, and then click Options.
    The RegExp Pool screen opens.
  2. On the menu bar, click Negative RegExp Defaults.
    The Negative RegExp Policy Defaults screen opens.
  3. Above the Negative RegExp Policy Defaults area, click the Create button.
    The New Negative RegExp screen opens.
  4. For the RegExp Name setting, select the regular expression that you want to add to the default pool.
  5. For the Applies to setting, select the entity to which the system applies the regular expression.
  6. Click the Save button.
    The system updates the configuration, and the Negative RegExp Policy Defaults screen opens.

Removing a regular expression from the default negative regular expressions pool

Depending on the requirements of your web applications, you may not need all of the regular expressions that are in the default negative regular expressions pool. You can easily remove any unnecessary regular expressions.

To remove a regular expression from the default negative regular expressions pool

  1. On the Main tab of the navigation pane, expand Application Security, and then click Options.
    The RegExp Pool screen opens.
  2. On the menu bar, click Negative RegExp Defaults.
    The Negative RegExp Policy Defaults screen opens.
  3. In the Select column, check the Select box next to the regular expression that you want to edit, and then click the Remove button below the Negative RegExp Policy Defaults area.
    A confirmation popup screen opens.
  4. Click OK.
    The system updates the configuration, and removes the regular expression from the pool.

Note

If you inadvertently remove regular expressions that actually belong in the default pool, you can easily restore them. Refer to Restoring the negative regular expressions pool to the default settings, following, for more information.

Restoring the negative regular expressions pool to the default settings

You can restore the default regular expressions from the Negative RegExp Defaults screen. This action updates the default regular expressions pool with any system-supplied regular expressions that you may have removed.

Important

Restoring the default settings for the default negative regular expression pool does not update specific security policy pools with any regular expressions that you may have removed. See Adding a negative regular expression to the pool for a security policy, for more information.

To restore the default negative regular expression pool

  1. On the Main tab of the navigation pane, expand Application Security, and then click Options.
    The RegExp Pool screen opens.
  2. On the menu bar, click Negative RegExp Defaults.
    The Negative RegExp Defaults screen opens.
  3. Below the Negative RegExp Policy Defaults area, click the Restore button.
    A confirmation popup screen opens.
  4. Click OK.
    The system resets the negative regular expressions pool to the default set of regular expressions.


