Manual Chapter :
Adding Server Technologies to a
Policy
Applies To:
Show Versions
BIG-IP ASM
- 17.1.2, 17.1.1, 17.1.0, 17.0.0
Adding Server Technologies to a
Policy
Overview: Adding server technologies to a
policy
It is not always easy to determine which server technologies apply to the applications for
which you are creating security policies. Server technologies can be server-side applications,
frameworks, programs, web servers, operating systems, and so on, and they are associated with one
or more sets of attack signatures that can be added to the policy. This allows you to assign a
more selective set of attack signatures to the policy, that is, signatures that specifically
apply to the technologies used in the application being protected.
When you first create a security policy, you have the opportunity to select server technologies
that you know about. Once the policy is created, you can have it automatically detect server
technologies. In this case, the policy can detect appropriate server technologies, and can
continue to detect new server technologies if the back-end server infrastructure changes, if new
systems are added, or if an attack signature update adds a new server technology that is
appropriate for the policy.
The system can automatically detect the server technology on Request headers and payloads only
when a successful response code is received (1xx/2xx/3xx). For Responses, server technology can
be detected only if "Content-Type" header is in the response. The system also learns technologies
from error responses, such as 4xx and 5xx status codes (even if they are not listed in the
HTTP Response Status Codes used to learn traffic
in the Learning and
Blocking Settings).You can also manually add server technologies to the policy if you determine that certain ones
are appropriate for the applications being protected and want to apply them right away.
Automatically
adding server technologies
A security policy can automatically detect the
server technologies that the applications it protects are using. You can also view a
list of server technologies and add them manually.
- On the Main tab, click .The Learning and Blocking Settings screen opens.
- In the Policy Building Settings area, expandServer Technologiesand selectEnable Server Technology Detection.
- ClickSaveto save your settings.
- Click the arrow next toEnable Server Technology Detection.The Policy: Server Technologies screen opens where you can see which server technologies are applied to the current security policy.
- ClickAdd Server Technologyto see the server technologies that are discoverable, and select any that you know apply to the applications being protected, and clickSave.If manually adding a server technology that has implied technologies, you see a notification that lists the additional server technologies that will be added. For example, if you add ASP.NET, IIS and Microsoft Windows are also included.
- In the editing context area, clickApply Policyto put the changes into effect.
The security policy is set up to automatically detect server technologies and make
suggestions to add them to the policy. If using automatic learning, the system adds the
detected technologies when sufficient time and traffic has passed. If the
Learning Mode
is Manual
, you need to specifically
accept the learning suggestions to add the sever technologies on the Traffic Learning
screen. When server technologies are included in the policy, the
system creates a user-defined signature set for each server technology. If the
technology has related or implied server technologies, they are added as well. The
signature sets are added to the security policy with the Learn, Alarm, Block flags
set, and new signatures are put into staging. The system learns server technologies
from responses regardless of the
Learn
from response
flag setting in the Learning and Blocking Settings
.If you later delete server technologies and want to
delete the associated user-defined signature sets, you can go to and delete the sets there. Deleting the user-defined signature sets
alone, however, does not remove the server technology from the list.
