Applies To:

Show Versions Show Versions

Manual Chapter: Working with Web Applications
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

In Application Security ManagerTM, a web application is the logical representation of the application traffic, defined in the application security class, that you are protecting with a security policy. When you create an application security class, the system automatically creates a corresponding web application for that application. For detailed information on application security classes, refer to Chapter 3, Working with Application Security Classes.
You can configure one active security policy for each web application in Application Security Manager. If you have a complex application web site to support, it is possible to create different security policies to protect different parts of the application (such as different security for employee data and customer data). You can create multiple application security classes, thus creating multiple application security web applications and multiple security policies in Application Security Manager, to support one application web site for your company.
Once you have created any application security classes, you can review the corresponding list of web applications within the application security configuration. The web applications list provides the following summary information:
The name of the virtual server, or virtual servers where the HTTP class (with the same name as the web application) was assigned
Figure 4.1 shows an example of a web application list.
1.
In the navigation pane, expand Application Security and click Web Applications.
The Web Application List screen opens.
Click the Configure Security Policy link to start the Deployment wizard.
Click a logging profile to view or modify its properties. Note that you can modify only user-defined logging profiles.
In the Application Security Manager, the web application properties specify the general attributes and preferences for the web application itself. The web application properties help refine how the Application Security Manager processes requests for the web application. The web application properties include:
1.
In the navigation pane, expand Application Security and click Web Applications.
The Web Application List screen opens.
2.
In the Name column, click a web application name.
The Web Application Properties screen opens, where you can view and modify the web applications properties, or run the Deployment wizard.
For new, unconfigured web applications, when you click the web application name, the Deployment wizard starts. For more information on working with the Deployment wizard, refer to BIG-IP® Application Security Manager: Getting Started Guide.
Every web application has a language encoding that determines the character set the browsers use to both display the page and send any form data submitted. The Application Security Manager supports multiple language encodings.
You can configure the language for new web applications (or those you want to reconfigure), and you set the language encoding using the Deployment wizard. F5 Networks recommends that you select the default setting, Auto detect, when it is available. The Application Security Manager determines the acceptable character set for the application.
Note: Once you set the web application language, you cannot change it unless you reconfigure the web application completely, losing all settings. For information about reconfiguring web applications, see Returning a web application to a new, unconfigured state.
The active security policy is the security policy that the Application Security Manager uses to validate requests for, and responses from, the web application. Each web application in Application Security Manager can have only one active security policy at a time.
1.
In the navigation pane, expand Application Security and click Web Applications.
The Web Application List screen opens.
2.
In the Name column, click a web application name.
The Web Application Properties screen opens.
3.
In the Web Application Properties area, from the Active Security Policy list, select the security policy that you want to be the active security policy for the web application.
Note that the system automatically enables (checks) the Apply Policy setting when you change the Active Security Policy setting on this screen.
4.
Click the Update button.
The Web Application List screen reopens, and in the Active Security Policy list, you see the Active Policy icon next to the new active security policy.
Note: You can also set the active security policy from most screens in the Configuration utility, in addition to setting it from the Web Application Properties screen, as described above. For more information, see Setting the active security policy for a web application.
The logging profile determines whether the system logs every request for a web application, logs only those requests that violate the active security policy, or does not log any requests. The logging profile also specifies whether the requests data is stored locally, remotely, or in both places.
You can use a system-supplied logging profile, or you can create a user-defined logging profile. The system provides three logging profiles that you can assign to the web applications:
Tip: If your web application receives a high volume of requests, you may want to log only those requests that violate the active security policy so that the system resources are not overburdened. Alternately, you can use remote logging.
1.
In the navigation pane, expand Application Security and click Web Applications.
The Web Application List screen opens.
2.
In the Name column, click a web application name.
The Web Application Properties screen opens.
3.
For the Logging Profile setting, select one of the following options:
Log all requests: Select this option if you want the system to log every request for this web application.
Log illegal requests: Select this option if you want the system to log only requests which trigger a violation according to the currently active security policy.
No logging: Select this option if you do not want the system to log any requests for this web application.
4.
Click the Update button.
The system updates the configuration with any changes you may have made.
There may be circumstances when you want to remove all security policies, requests, logging, and configuration information from a web application, and set the web application back to a new, unconfigured state. You can do this by using the Reconfigure button on the Web Application Properties screen.
Note: Using the Reconfigure button to clear the configuration information for a web application is a permanent action, and cannot be undone. Use this setting with caution.
1.
In the navigation pane, expand Application Security and click Web Applications.
The Web Application List screen opens.
2.
In the Name column, click the name of a web application that has already been configured.
The Web Application Properties screen opens.
3.
Above the Web Application Properties area on the right, click the Reconfigure button.
A confirmation popup screen opens.
4.
Click OK to complete the reset action.
The system deletes all data associated with this web application from the configuration. If you want to secure the web application, you must run the Deployment wizard to create a new security policy.
A web application group is a collection of web applications within the Application Security Manager configuration. Web application groups are made up of two or more web applications. A web application can belong to more than one web application group, however, a web application does not have to belong to a web application group.
The Application Security Manager lists web applications that are not members of any web application group in the ungrouped area of the Web Application Groups screen. Recall that there is a one-to-one relationship between application security classes and web applications. In many cases, you may have several application security classes (and thus, web applications) configured for one actual web-based application. You can create a web application group, and then use that group to consolidate the requests, events, and log information about the actual web application.
When you create a web application group, you are creating an association between the member web applications. Once you have created a web application group, you can view statistics, logging, and security events in the context of the web application group, in addition to the individual web applications themselves.
1.
In the navigation pane, expand Application Security and click Web Applications.
The Web Application List screen opens.
2.
On the menu bar, click Web Application Groups.
The Web Application Groups screen opens.
3.
Click the Create button.
The Group Properties screen opens.
4.
In the Name box, type a name for the group.
5.
For the Web Applications setting, from the Available list, select the web applications that you want to add to the new web application group, and use the Move (<<) button to add them to the Members list.
6.
Click Save to update the configuration with the new web application group.
If you no longer require the web application group, you can easily remove the group from the configuration. Note that this action does not delete the web applications themselves.
1.
In the navigation pane, expand Application Security and click Web Applications.
The Web Application List screen opens.
2.
On the menu bar, click Web Application Groups.
The Web Application Groups screen opens.
3.
Check the Select box next to the web application group that you want to delete, and then click Delete.
A confirmation popup screen opens.
4.
Click OK.
The system deletes the web application group.
Disable the Application Security setting on an application security class
The system disables the web application because a web application must have a corresponding application security class.
When the system disables a web application, it moves the web application state from enabled to disabled. You can review the web application state on the Web Application List screen.
1.
In the navigation pane, expand Application Security and click Web Applications.
The Web Application List screen opens.
2.
In the Web Applications area, in the State column, you can see which web applications are enabled and which web applications are disabled.
You can re-enable a disabled web application either by creating an application security class with the same name as the disabled web application, or by re-enabling the Application Security setting for an existing application security class. In both cases, the system automatically re-enables the disabled web application, as long as the application security class has the same name, exactly, as the disabled web application.
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)