Manual Chapter : Modify Web Application Security Policy

Applies To:

Show Versions Show Versions

BIG-IQ Centralized Management

  • 7.0.0
Manual Chapter

Modify Web Application Security Policy

Modifying a Web Application Security policy to improve application protection

Web Application Security imports BIG-IP Application Security Manager (ASM) application security policies from discovered BIG-IP devices, and lists them with the attached protected object (application or virtual server). The Web Application Security policy helps you to define both bad traffic and how this traffic is handled so that it doesn't affect the performance of your application's web server. Changes in traffic or an application's protection needs might reduce the effectiveness of your policy. You can change the policy's configuration to ensure that your protected objects can withstand a Layer 7 attack.

Edit web application security policies

You modify application security policies to customize how they protect your applications and virtual servers. Application security policies can be created in Web Application Security. But more often, they are created on BIG-IP devices and come into the Web Application Security configuration when you discover the devices.
  1. At the top of the screen, click
  2. Go to
    L7 Security
    This displays all monitored objects.
  3. Click the Web Application Security Policy column header to sort objects by policy.
  4. Click the name of a policy you want to edit.
  5. Edit the properties of the policy as needed.
    Consult the documentation for each policy object to edit it individually. For more information on the policy editing process, refer to the
    Edit application security policies
    in F5 BIG-IQ Centralized Management: Security
  6. Click
    to save the modifications to each object and unlock the policy.
The system saves changes to the policy object in the working configuration of BIG-IQ Centralized Management. If the policy is assigned to a virtual server, the next deployment sends the new configuration to one or more BIG-IP devices.