Applies To:Show Versions
- 16.0.0, 15.1.0, 15.0.1, 15.0.0
Working with Security Policy Microservices
Working with security policy microservices
- Security policy in Blocking mode with microservices in Transparent mode.
- Security policy in Blocking mode with Blocking Settings overrides for microservices.
- Security policy in Transparent mode with microservices in Blocking mode.
- Web application: hostname=*.example.com, URL=*
- Add-to-cart microservice: hostname=api.example.com, URL=/api/AddToCart.aspx
Creating a security policy microservice
- On the Main tab, click.
- Select whether the Hostname is aWildcardorExplicitHostname and enter the Hostname.The hostname can be an fnmatch regular expression. IPv4 and IPv6 addresses are supported.
- Select whether the URL is aWildcardorExplicitURL and enter the URL.The URL can be an fnmatch regular expression. The URL can be HTTP, HTTPS or a websocket. The URL does not need to exist in the Allowed URLs in the selected policy.TheURL Wildcard Match Includes Slashesoption is only available for wildcard URLs and is enabled by default. A wildcard starting with * must have this enabled or no matches will be found because the wildcard will reject the leading slash in every URL.
- Select theEnforcement Modefor the microservice.Policy DefaultThe default security policy enforcement is enforced for this microservice, i.e. if the default enforcement is Transparent, it will remain Transparent; if Blocking, it will remain Blocking.TransparentThe policy is not enforced for this microservice, even if the security policy enforcement is Blocking.BlockingThe policy is enforced for this microservice, even if the security policy enforcement is Transparent.
- Select which, if any,Evasion technique detectedviolations to override and how.You can override all Evasion technique detected configurations by selectingOverride Violationat the top of the list. Modify theLearn,AlarmandBlocksettings to match your desired behavior.You can override specific subviolations by selectingOverridefor that subviolation. Modify theEnableandLearnsettings to match your desired behavior.
- Select which, if any,HTTP protocol compliance failedviolations to override and how.You can override all HTTP protocol compliance failed configurations by selectingOverride Violationat the top of the list. Modify theLearn,AlarmandBlocksettings to match your desired behavior.You can override specific subviolations by selectingOverridefor that subviolation. Modify theEnableandLearnsettings to match your desired behavior.If a violation is overridden globally and Enable, Alarm and Block are disabled then you cannot override and enable them for subviolations.
- ClickSaveto save the microservice.
Viewing microservice suggestions
- On the Main tab, click.With no suggestion selected, the Traffic Learning Summary displays in the right pane, including the Enforcement by Microservice table.
- In theCurrent edited security policylist near the top of the screen, verify that the security policy shown is the one you want to work on.
- In the right pane, clickEnforcement By Microserviceto open the table and view any microservice suggestions.
Viewing microservice requests
- On the Main tab, click.With no request selected, the Requests Log Summary displays in the right pane, including the Microservices table.
- In the right pane, clickMicroservicesto open the table and view the microservice suggestions with high and low scores.