Manual Chapter: ce-file-for-security
Applies To: BIG-IQ Centralized Management 7.1.0
Users who manage devices running Web Application Security that require added protection for the connection between BIG-IP and the Central Policy Builder must enable Secure Policy Builder and replace the default SSL certificate with a certificate issued by a trusted CA (Certificate Authority). If the SSL certificate is not replaced, the system will be unable to provide policy suggestions under Secure Policy Builder. Users who do not enable a secure connection do not need to perform the certificate replacement task. To replace the default SSL certificate, use a new certificate signing request (CSR) and a new SSL private key, with the certificate issued by a trusted CA (Certificate Authority). For more information about generating a new CSR and a new SSL private key (not self-signed), see K52425065 on support.f5.com.
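The following is an added example, not taken from this manual or from K52425065: generic OpenSSL commands, run on an administrator workstation, that create a new key and CSR and then check that the certificate returned by the CA is not self-signed, matches the new private key, and chains to the CA. All function names, file arguments and messages are assumptions, and the script does not show where BIG-IQ stores or installs the certificate.

```shell
#!/usr/bin/env bash
# Added example: pre-install checks for a replacement certificate.
# Function names and file arguments are placeholders, not BIG-IQ paths.

# Create a new private key and a CSR to submit to the CA.
make_csr() {  # $1=key out, $2=CSR out, $3=subject, e.g. "/CN=host.example"
  openssl req -new -newkey rsa:2048 -nodes -sha256 \
    -keyout "$1" -out "$2" -subj "$3" 2>/dev/null
}

# Succeeds when subject name equals issuer name (first-pass self-signed test).
is_self_signed() {  # $1=certificate
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# Succeeds when the certificate carries the public key of the private key.
key_matches_cert() {  # $1=private key, $2=certificate
  [ "$(openssl pkey -in "$1" -pubout 2>/dev/null | openssl sha256)" = \
    "$(openssl x509 -in "$2" -noout -pubkey | openssl sha256)" ]
}

# Succeeds when the certificate verifies against the given CA bundle.
chains_to_ca() {  # $1=CA bundle, $2=certificate
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Run all three checks; print one verdict line and return non-zero on reject.
check_replacement() {  # $1=private key, $2=certificate, $3=CA bundle
  if is_self_signed "$2"; then
    echo "REJECT: self-signed"; return 1
  fi
  if ! key_matches_cert "$1" "$2"; then
    echo "REJECT: key does not match certificate"; return 1
  fi
  if ! chains_to_ca "$3" "$2"; then
    echo "REJECT: does not chain to the supplied CA"; return 1
  fi
  echo "OK"
}

# Stand-alone use: script.sh <private key> <certificate> <CA bundle>
if [ "$#" -eq 3 ]; then
  check_replacement "$@"
fi
```

The self-signed test compares names only, so the chain check against the CA bundle remains the authoritative one.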
- To configure settings for the detection of DoS attacks based on a high volume of incoming traffic, click TPS-based Detection. The properties and their descriptions are:
  - Operation Mode: Specifies how the system reacts when it detects an attack, and can be Off, Transparent, or Blocking. If set to Off, no other properties are shown.
  - Thresholds Mode: Specifies how thresholds are configured.
    - To configure each mitigation behavior threshold manually, select Manual.
    - To use the system default mitigation threshold settings, select Automatic.

    The Thresholds Mode selection affects which threshold options are available in the other sections on this screen.
  - By Source IP: Specifies the criteria that determine when the system treats the IP address as an attacker, and the mitigation method to be used for the attacking IP address.
  - By Device ID: Specifies the criteria that determine when the system treats the device ID as an attacker, and the mitigation method to be used for the attacking device.
  - By Geolocation: Specifies the criteria that determine when the system treats the geolocation as an attacker, and the mitigation method to be used for the attacking geolocation. The settings exclude blacklisted and whitelisted geolocations.
  - By URL: Specifies the criteria that determine when the system treats the URL as an attacker, and the mitigation method to be used for the attacking URL. Heavy URL Protection can also be enabled, but needs to be configured. Click the Click to configure link next to the option to do so.
  - Site Wide: Specifies the criteria that determine when the system determines an entire website is under attack, and the mitigation method to be used.
  - Prevention Duration: Specifies the time spent in each mitigation step before moving (escalating or de-escalating) to the next mitigation step.
- To configure settings for the detection of DoS attacks based on server stress, click Behavioral and Stress-based Detection. The properties and their descriptions are:
  - Operation Mode: Specifies how the system reacts when it detects a stress-based attack, and can be Off, Transparent, or Blocking. If set to Off, no other properties are shown.
  - Thresholds Mode: Specifies how thresholds are configured.
    - To configure each mitigation behavior threshold manually, select Manual.
    - To use the system default mitigation threshold settings, select Automatic.

    The Thresholds Mode selection affects which threshold options are available in the other sections on this screen.
  - By Source IP: Specifies the criteria that determine when the system treats the IP address as an attacker, and the mitigation method to be used for the attacking IP address.
  - By Device ID: Specifies the criteria that determine when the system treats the device ID as an attacker, and the mitigation method to be used for the attacking device.
  - By Geolocation: Specifies the criteria that determine when the system treats the geolocation as an attacker, and the mitigation method to be used for the attacking geolocation. The settings exclude blacklisted and whitelisted geolocations.
  - By URL: Specifies the criteria that determine when the system treats the URL as an attacker, and the mitigation method to be used for the attacking URL. Heavy URL Protection can also be enabled, but needs to be configured. Click the Click to configure link next to the option to do so.
  - Site Wide: Specifies the criteria that determine when the system determines an entire website is under attack, and the mitigation method to be used.
  - Behavioral Detection and Mitigation: Specifies the mitigation behavior, and when enabled, the selected level of mitigation to use.
    - For the Bad actors behavior detection setting, select Enabled to perform traffic behavior, server capacity learning, and anomaly detection.
    - For the Request signatures detection setting, select Enabled to perform signature detection.
    - For signature detection before establishing a connection, select Accelerated signatures.
    - For system admin mitigation approval of detected signatures, select Use approved signatures only. This is an extra step that allows the administrator to manually approve detected signatures.
    - For the Mitigation setting, select the type of mitigation to be used. Review the description of each mitigation type to select the best one for your environment.
  - Prevention Duration: Specifies the time spent in each mitigation step before moving (escalating or de-escalating) to the next mitigation step.
- To automatically deploy changes to your application's security enforcement mode, go to the CONFIGURATION area on the screen and adjust the enforcement setting for Web Application Security. If you have administrative access, you can make additional changes to your application template's security settings. You can see the application template title when you click APPLICATION Properties at the center left of the screen (make sure you select the CONFIGURATION tab). For more information, see the Managing Application Security Policies in Web Application Security section of BIG-IQ Centralized Management: Security on support.f5.com.
- Select the name of the bot profile you would like to edit.