Manual Chapter : Managing Web Application Security Policies

Applies To:

Show Versions Show Versions

BIG-IQ Centralized Management

  • 8.3.0, 8.2.0, 8.1.0, 8.0.0
Manual Chapter

Managing Web Application Security Policies

Using Web Application Security policies to improve application protection

A Web Application Security policy implements various levels of security to protect Layer 7 applications. The L7 Summary Dashboard (
Monitoring
DASHBOARDS
L7 Security
) lists the applications and virtual servers attached to BIG-IP Application Security Manager (ASM) policies. With this dashboard, you can create new policies based on the requirements of the objects configured to your monitored BIG-IP systems.
You create a new application security policy based on observed traffic patterns. In addition, you have the flexibility to manually develop a security policy that is customized for your needs, based on the amount of protection and acceptable risk. For more information, refer to the
Managing Application Security Policies in Web Application Security
topics in
BIG-IQ Centralized Management: Security
on
support.f5.com
.

Create a Web Application Security policy

You must have AVR provisioned and your virtual server must include an HTTP Analytics profile (not transparent) before you can configure a new policy.
You can use BIG-IQ Web Application Security to add new application security policies for later deployment over monitored applications and virtual servers.
  1. Go to
    Monitoring
    DASHBOARDS
    L7 Dashboard
    The screen displays your protected objects, and provides summary data, based on the selected time settings. To change the scope of the time settings, use the control to the top left of the screen.
  2. Click
    Create
    and select
    Policy
    .
  3. Specify the following information about the new Web Application Security policy:
    1. Type the
      Name
      (required) of the security policy.
    2. Specify the
      Partition
      (required) to which the security policy belongs.
      Only users with access to a partition can view the objects that it contains. If the security policy resides in the
      Common
      partition, all users can access it.
    3. For
      Application Language
      , select the language encoding (required) for the web application, which determines how the security policy processes the character sets.
      The default language encoding determines the default character sets for URLs, parameter names, and parameter values.
    4. For
      Enforcement Mode
      , specify whether blocking is active or inactive for the security policy.
      You can enable or disable blocking for individual violations in the subsequent tables of settings and properties. If
      transparent
      appears, blocking is disabled for the security policy. This disables blocking for all options, and the check boxes to enable blocking are unavailable.
  4. When you are finished editing General Properties, click
    Save
    .
    This makes the remaining policy objects available for editing.
  5. Click the options in the list to the left to configure addition properties to your policy.
  6. Click
    Save
    to save the modifications to each policy property.
  7. Click
    Save & Close
    when you are finished editing.
The newly-created policy is added to the list of application security policies, and the new policy object exists in the working configuration of the BIG-IQ system. At this point, you can add it to any object in Web Application Security.