Manual Chapter :
Managing Web Application Security Policies
Applies To:
Show VersionsBIG-IQ Centralized Management
- 8.3.0, 8.2.0, 8.1.0, 8.0.0
Managing Web Application Security Policies
Using Web Application Security policies to improve application protection
A Web Application Security policy implements various levels of security to protect Layer 7 applications. The L7 Summary Dashboard (
) lists the applications and virtual servers attached to BIG-IP Application Security Manager (ASM) policies. With this dashboard, you can create new policies based on the requirements of the objects configured to your monitored BIG-IP systems. You create a new application security policy based on observed traffic patterns. In addition, you have the flexibility to manually develop a security policy that is customized for your needs, based on the amount of protection and acceptable risk. For more information, refer to the
Managing Application Security Policies in Web Application Security
topics in BIG-IQ Centralized Management: Security
on support.f5.com
. Create a Web Application Security policy
You must have AVR provisioned and your virtual server must include an HTTP Analytics profile (not transparent) before you can configure a new policy.
You can use BIG-IQ Web Application Security to add new application security policies for later deployment over monitored applications and virtual servers.
- Go toThe screen displays your protected objects, and provides summary data, based on the selected time settings. To change the scope of the time settings, use the control to the top left of the screen.
- ClickCreateand selectPolicy.
- Specify the following information about the new Web Application Security policy:
- Type theName(required) of the security policy.
- Specify thePartition(required) to which the security policy belongs.Only users with access to a partition can view the objects that it contains. If the security policy resides in theCommonpartition, all users can access it.
- ForApplication Language, select the language encoding (required) for the web application, which determines how the security policy processes the character sets.The default language encoding determines the default character sets for URLs, parameter names, and parameter values.
- ForEnforcement Mode, specify whether blocking is active or inactive for the security policy.You can enable or disable blocking for individual violations in the subsequent tables of settings and properties. Iftransparentappears, blocking is disabled for the security policy. This disables blocking for all options, and the check boxes to enable blocking are unavailable.
- When you are finished editing General Properties, clickSave.This makes the remaining policy objects available for editing.
- Click the options in the list to the left to configure addition properties to your policy.
- ClickSaveto save the modifications to each policy property.
- ClickSave & Closewhen you are finished editing.
The newly-created policy is added to the list of application security policies, and the new policy object exists in the working configuration of the BIG-IQ system. At this point, you can add it to any object in Web Application Security.