F5 Logo MyF5
Search
  1. MyF5 Home
  2. Modifying and Managing Layer 7 Security Objects using BIG-IQ
  3. ce-file-for-security
Manual Chapter : ce-file-for-security

Applies To:

Show Versions Show Versions

BIG-IQ Centralized Management

  • 7.0.0
Manual Chapter

ce-file-for-security

  1. To configure settings for the detection of DoS attacks based on a high volume of incoming traffic, click
    TPS-based Detection
    .
    Property
    Description
    Operation Mode
    Specifies how the system reacts when it detects an attack, and can be
    Off
    ,
    Transparent
    , or
    Blocking
    . If set to
    Off
    , no other properties are shown.
    Thresholds Mode
    Specifies how thresholds are configured.
    • To configure each mitigation behavior threshold manually, select
      Manual
      .
    • To use the system default mitigation threshold settings, select
      Automatic
      .
    Your
    Thresholds Mode
     selection affects which threshold options are available in the other sections on this screen.
    By Source IP
    Specifies the criteria that determine when the system treats the IP address as an attacker, and the mitigation method to be used for the attacking IP address.
    By Device ID
    Specifies the criteria that determine when the system treats the device ID as an attacker, and the mitigation method to be used for the attacking device.
    By Geolocation
    Specifies the criteria that determine when the system treats the geolocation as an attacker, and the mitigation method to be used for the attacking geolocation. The settings exclude blacklisted and whitelisted geolocations.
    By URL
    Specifies the criteria that determine when the system treats the URL as an attacker, and the mitigation method to be used for the attacking URL. Heavy URL Protection can also be enabled, but needs to be configured. Click the
    Click to configure
     link next to the option to do so.
    Site Wide
    Specifies the criteria that determine when the system determines an entire website is under attack, and the mitigation method to be used.
    Prevention Duration
    Specifies the time spent in each mitigation step before moving (escalating or de-escalating) to the next mitigation step.
  2. To configure settings for the detection of DoS attacks based on server stress, click
    Behavioral and Stress-based Detection
    .
    Property
    Description
    Operation Mode
    Specifies how the system reacts when it detects a stress-based attack, and can be
    Off
    ,
    Transparent
     or
    Blocking
    . If set to
    Off
    , no other properties are shown.
    Thresholds Mode
    Specifies how thresholds are configured.
    • To configure each mitigation behavior threshold manually, select
      Manual
      .
    • To use the system default mitigation threshold settings, select
      Automatic
      .
    Your
    Thresholds Mode
     selection affects which threshold options are available in the other sections on this screen.
    By Source IP
    Specifies the criteria that determine when the system treats the IP address as an attacker, and the mitigation method to be used for the attacking IP address.
    By Device ID
    Specifies the criteria that determine when the system treats the device ID as an attacker, and the mitigation method to be used for the attacking device.
    By Geolocation
    Specifies the criteria that determine when the system treats the geolocation as an attacker, and the mitigation method to be used for the attacking geolocation. The settings exclude blacklisted and whitelisted geolocations.
    By URL
    Specifies the criteria that determine when the system treats the URL as an attacker, and the mitigation method to be used for the attacking URL. Heavy URL Protection can also be enabled, but needs to be configured. Click the
    Click to configure
     link next to the option to do so.
    Site Wide
    Specifies the criteria that determine when the system determines an entire website is under attack, and the mitigation method to be used.
    Behavioral Detection and Mitigation
    Specifies the mitigation behavior, and when enabled, the selected level of mitigation to use.
    • For the
      Bad actors behavior detection
       setting, select
      Enabled
       to perform traffic behavior, server capacity learning, and anomaly detection.
    • For the
      Request signatures detection
       setting, select
      Enabled
       to perform signature detection. Select
      Use approved signatures only
       to use only approved signatures.
    • For the
      Mitigation
       setting, select the type of mitigation to be used. Review the description of each mitigation type to select the best one for your environment,
    Prevention Duration
    Specifies the time spent in each mitigation step before moving (escalating or de-escalating) to the next mitigation step.
  3. To automatically deploy changes to your application's security enforcement mode, go to the CONFIGURATION area on the screen and adjust the enforcement setting for Web Application Security.
    If you have administrative access, you can make additional changes to the your application template's security settings. You can see the application template title when you click APPLICATION Properties at the center left of the screen (make sure you select the CONFIGURATION tab). For more information see the Managing Application Security Policies in Web Application Security section of
    BIG-IQ Centralized Management: Security
     on
    support.f5.com
    .
  4. Go to
    Configuration
    SECURITY
    Network Security
    Contexts
    .
  5. Go to
    Configuration
    SECURITY
    Network Security
    Network Firewall
    Firewall Policies
    .
  6. At the lower part of the screen, from the
    Shared Objects
     list, select
    Inspection Profiles
    .
    The list of the configured inspection profiles displays.
  7. Go to
    Monitoring
    DASHBOARDS
    Bot Traffic
    Bot Traffic Dashboard
    .
    The screen displays current summary information about all traffic processed by your bot defense profiles. You can change the time period using the control at the top left of the screen.
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information