Manual Chapter : ce-file-for-security

Applies To:

BIG-IQ Centralized Management

  • 7.1.0

  1. To configure settings for the detection of DoS attacks based on a high volume of incoming traffic, click TPS-based Detection.
    Property: Description
    Operation Mode: Specifies how the system reacts when it detects an attack, and can be Off, Transparent, or Blocking. If set to Off, no other properties are shown.
    Thresholds Mode: Specifies how thresholds are configured.
      • To configure each mitigation behavior threshold manually, select Manual.
      • To use the system default mitigation threshold settings, select Automatic.
      Your Thresholds Mode selection affects which threshold options are available in the other sections on this screen.
    By Source IP: Specifies the criteria that determine when the system treats the IP address as an attacker, and the mitigation method to be used for the attacking IP address.
    By Device ID: Specifies the criteria that determine when the system treats the device ID as an attacker, and the mitigation method to be used for the attacking device.
    By Geolocation: Specifies the criteria that determine when the system treats the geolocation as an attacker, and the mitigation method to be used for the attacking geolocation. The settings exclude blacklisted and whitelisted geolocations.
    By URL: Specifies the criteria that determine when the system treats the URL as an attacker, and the mitigation method to be used for the attacking URL. Heavy URL Protection can also be enabled, but needs to be configured. Click the Click to configure link next to the option to do so.
    Site Wide: Specifies the criteria that determine when the system determines an entire website is under attack, and the mitigation method to be used.
    Prevention Duration: Specifies the time spent in each mitigation step before moving (escalating or de-escalating) to the next mitigation step.
  2. To configure settings for the detection of DoS attacks based on server stress, click Behavioral and Stress-based Detection.
    Property: Description
    Operation Mode: Specifies how the system reacts when it detects a stress-based attack, and can be Off, Transparent, or Blocking. If set to Off, no other properties are shown.
    Thresholds Mode: Specifies how thresholds are configured.
      • To configure each mitigation behavior threshold manually, select Manual.
      • To use the system default mitigation threshold settings, select Automatic.
      Your Thresholds Mode selection affects which threshold options are available in the other sections on this screen.
    By Source IP: Specifies the criteria that determine when the system treats the IP address as an attacker, and the mitigation method to be used for the attacking IP address.
    By Device ID: Specifies the criteria that determine when the system treats the device ID as an attacker, and the mitigation method to be used for the attacking device.
    By Geolocation: Specifies the criteria that determine when the system treats the geolocation as an attacker, and the mitigation method to be used for the attacking geolocation. The settings exclude blacklisted and whitelisted geolocations.
    By URL: Specifies the criteria that determine when the system treats the URL as an attacker, and the mitigation method to be used for the attacking URL. Heavy URL Protection can also be enabled, but needs to be configured. Click the Click to configure link next to the option to do so.
    Site Wide: Specifies the criteria that determine when the system determines an entire website is under attack, and the mitigation method to be used.
    Behavioral Detection and Mitigation: Specifies the mitigation behavior, and when enabled, the selected level of mitigation to use.
      • For the Bad actors behavior detection setting, select Enabled to perform traffic behavior, server capacity learning, and anomaly detection.
      • For the Request signatures detection setting, select Enabled to perform signature detection.
      • For signature detection before establishing a connection, select Accelerated signatures.
      • For system admin mitigation approval of detected signatures, select Use approved signatures only. This is an extra step that allows the administrator to manually approve detected signatures.
      • For the Mitigation setting, select the type of mitigation to be used. Review the description of each mitigation type to select the best one for your environment.
    Prevention Duration: Specifies the time spent in each mitigation step before moving (escalating or de-escalating) to the next mitigation step.
  3. To automatically deploy changes to your application's security enforcement mode, go to the CONFIGURATION area on the screen and adjust the enforcement setting for Web Application Security.
    If you have administrative access, you can make additional changes to your application template's security settings. You can see the application template title when you click APPLICATION Properties at the center left of the screen (make sure you select the CONFIGURATION tab). For more information, see the Managing Application Security Policies in Web Application Security section of BIG-IQ Centralized Management: Security on support.f5.com.
  4. Go to Configuration > SECURITY > Network Security > Contexts.
  5. Go to Configuration > SECURITY > Network Security > Network Firewall > Firewall Policies.
  6. At the lower part of the screen, from the Shared Objects list, select Inspection Profiles.
    The list of the configured inspection profiles displays.
  7. Go to Monitoring > DASHBOARDS > Bot Traffic > Bot Traffic Dashboard.
    The screen displays current summary information about all traffic processed by your bot defense profiles. You can change the time period using the control at the top left of the screen.
  8. Go to Configuration > SECURITY > Web Application Security > Policies.
  9. Go to Configuration > SECURITY > Shared Security > Bot Defense > Bot Profiles.
  10. Select the name of the bot profile you would like to edit.