Just check out a scenario... If an ASM has learned the attributes of a web application completely and the policy is placed in BLOCKING mode, and the web application team wants to deploy a newly created UI/module, what should be the procedure that I have to follow in BIG-IP ASM? Should I switch the enforcement mode to TRANSPARENT for automatic learning, or is there any other solution without changing the already existing policy to transparent mode?
John: A question. I have a list of allowed file types and none in the not-allowed file types. So does this mean only these file types will be allowed, or how is it?
The BIG-IP ASM is a "default-deny" system, so it will block everything unless you tell it to allow it. For the file types, if you have file types listed in the "allowed" section, then it will allow these. Also, if you don't have anything listed in the "disallowed" section, then it should change anything. Some people choose to add the wildcard * file type to the "allowed" section so as to allow everything and then add file types that they don't want in the "disallowed" section because they know exactly what file types they want to block...but everything else is allowed. Also (like you have done), many people will add file types to the "allowed" section (be sure you don't add the wildcard type here or else you will allow everything) because they know exactly what file types should be allowed for their application. This is the more secure way of doing things. Also, don't forget that you will need to make sure your security policy is in "Blocking" mode and that all File Types are not in staging mode in order for anything to get blocked. Hope this helps! Here's an article I wrote a while back that goes into a little more detail: devcentral.f5.com/articles/the-big-ip-application-security-manager-part-3-the-importance-of-file-types-parameters-and-urls
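A simplified model of the file-type decision described in the reply above, added here as an example; it is not F5's code or configuration syntax. The class, its field names, the "no_ext" label, the "alarm" result and the sample URLs are all constructed for illustration.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatchcase
from urllib.parse import urlsplit
import posixpath


@dataclass
class FileTypePolicy:
    """Hypothetical stand-in for a policy's file-type settings."""
    enforcement_mode: str                          # "blocking" or "transparent"
    allowed: set = field(default_factory=set)      # extensions, or "*" wildcard
    disallowed: set = field(default_factory=set)   # extensions to reject
    staging: bool = False                          # file types still in staging


def file_type(url: str) -> str:
    """Extension of the URL path ("no_ext" is this example's label for none)."""
    ext = posixpath.splitext(urlsplit(url).path)[1].lstrip(".").lower()
    return ext or "no_ext"


def evaluate(policy: FileTypePolicy, url: str) -> str:
    """Return "pass", "block", or "alarm" (violation seen, request not blocked)."""
    ftype = file_type(url)
    if ftype in policy.disallowed:
        violation = True                           # explicit deny wins
    else:
        # Default deny: anything not matched by an allowed entry is a violation.
        violation = not any(fnmatchcase(ftype, p) for p in policy.allowed)
    if not violation:
        return "pass"
    # Per the reply: blocking needs Blocking mode AND file types out of staging.
    if policy.enforcement_mode == "blocking" and not policy.staging:
        return "block"
    return "alarm"


# Constructed policies: an explicit allow-list versus wildcard-plus-deny-list.
STRICT = FileTypePolicy("blocking", allowed={"php", "html", "css", "png"})
LOOSE = FileTypePolicy("blocking", allowed={"*"}, disallowed={"bak", "config"})
STAGED = FileTypePolicy("blocking", allowed={"php", "html"}, staging=True)

if __name__ == "__main__":
    for name, pol in (("strict", STRICT), ("loose", LOOSE), ("staged", STAGED)):
        for url in ("/index.php?id=1", "/db/site.bak", "/old/page.asp"):
            print(f"{name:7} {url:18} -> {evaluate(pol, url)}")
```

The allow-list policy rejects `/old/page.asp` because it was never listed, while the wildcard policy passes it; that difference is why the explicit allow-list is the tighter of the two.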
F5 DevCentral, I am new to the F5 load balancer. I ended up at DevCentral while checking videos on UA-cam. Where should I start on DevCentral? I don't see a proper flow of videos. Where can I get to see more videos on F5 from scratch?
Took me a while to figure out how the lightboard setup works, what initially had me confused was the fact that the shirt logos aren't flipped, have you guys gone so far as to custom order shirts for this as well?
I'm more impressed that old mate was able to write in flipped mode!
Nicely explained, i loved the video.
glad you enjoyed it!
How is he writing in flipped mode? His hand moves left to right. Is this some kind of software or skill, or is the video recorded that way?
We flip the video in post-production, though I'm sure if that wasn't possible we could teach John to write backwards!
Thanks sir.
not so fast my friend ^^ hehehe