Manual :
BIG-IP Application Security Manager: Implementations
Applies To:
Show VersionsBIG-IP ASM
- 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1
-
Preventing DoS Attacks for Layer 7 Traffic
- What is a DoS attack?
- About recognizing DoS attacks
- About configuring TPS-based DoS protection
- About configuring latency-based DoS protection
- About heavy URL protection
- About site-wide DoS mitigation
-
Overview: Preventing DoS attacks for applications
- Configuring DoS protection for applications
- Configuring TPS-based DoS protection settings
- Configuring latency-based DoS protection
- Configuring heavy URL protection
- Recording traffic during DoS attacks
- Associating a DoS profile with a virtual server
- Displaying DoS event logs
- Viewing DoS attack statistics
- Viewing URL Latencies reports
- Implementation Result
- Configuring DoS Policy Switching
- Mitigating Brute Force Attacks
-
Detecting and Preventing Web Scraping
-
Overview: Detecting and preventing web scraping
- Prerequisites for configuring web scraping
- Adding allowed search engines
- Detecting web scraping based on bot detection
- Detecting web scraping based on session opening
- Detecting web scraping based on session transactions
- Using fingerprinting to detect web scraping
- Displaying web scraping event logs
- Viewing web scraping statistics
- Implementation Result
-
Overview: Detecting and preventing web scraping
- Setting Up IP Address Intelligence Blocking
- Managing IP Address Exceptions
- Enforcing Application Use at Specific Geolocations
- Creating Login Pages for Secure Application Access
- Protecting Sensitive Data with Data Guard
- Masking Credit Card Numbers in Logs
- Displaying Reports and Monitoring ASM
- Configuring Application Security Event Logging
- Configuring Application Security Session Tracking
-
Tracking Application Security Sessions with APM
- Overview: Tracking application security sessions using APM
-
Prerequisites for setting up session tracking with APM
- Creating a VLAN
- Creating a self IP address for a VLAN
- Creating a local traffic pool for application security
- Creating a virtual server to manage HTTPS traffic
- Creating a security policy automatically
- Creating an access profile
- Configuring an access policy
- Adding the access profile to the virtual server
- Setting up ASM session tracking with APM
- Monitoring user and session information
- Mitigating Open Redirects
- Setting Up Cross-Domain Request Enforcement
- Implementing Web Services Security
- Fine-tuning Advanced XML Security Policy Settings
- Adding JSON Support to an Existing Security Policy
- Automatically Creating Security Policies for AJAX Applications
- Adding AJAX Blocking Response Behavior to a Security Policy
- Securing Web Applications Created with Google Web Toolkit
-
Refining Security Policies with Learning
- About learning
- Learning resources
- About learning suggestions
- Fine-tuning a security policy
- Configuring explicit entities learning
- Viewing requests that caused learning suggestions
- Accepting learning suggestions
- Clearing learning suggestions
- Viewing ignored entities
- About enforcement readiness
- Enforcing entities
- Disabling learning on violations
- Configuring Security Policy Blocking
- Configuring Blocking Responses
- Configuring General Security Policy Building Settings
-
Configuring Manual Security Policy Settings
- Editing an existing security policy
- Changing security policy enforcement
- Adjusting the enforcement readiness period
- Viewing whether a security policy is case-sensitive
- Differentiating between HTTP and HTTPS URLs
- Specifying the response codes that are allowed
- Activating iRule events
- Configuring trusted XFF headers
- Adding host names
- Protecting against CSRF
- Adding File Types to a Security Policy
-
Adding Parameters to a Security Policy
-
About adding parameters to a security policy
- Creating global parameters
- Creating URL parameters
- Creating flow parameters
- Creating sensitive parameters
- Creating navigation parameters
- Creating parameters with dynamic content
- Creating parameters with dynamic names
- Changing character sets for parameter values
- Changing character sets for parameter names
- Adjusting the parameter level
- Parameter Value Types
- How the system processes parameters
- About path parameters
- Enforcing path parameter security
-
About adding parameters to a security policy
- Securing Base64-Encoded Parameters
- Adding URLs to a Security Policy
- Adding Cookies
- Configuring Advanced Cookie Protection
- Adding Allowed Methods to a Security Policy
- Configuring HTTP Headers
-
Configuring How a Security Policy is Automatically Built
-
Overview: Configuring automatic policy build settings
- Configuring automatic policy building settings
- About security policy elements
- Modifying security policy elements
- About automatic policy building rules
- About automatic policy building stages
- Modifying security policy rules
- Adding trusted IP addresses to a security policy
- Learning from responses
- Specifying when to add dynamic parameters
- Collapsing entities in a security policy
- Learning based on response codes
- Limiting the maximum number of policy elements
- Specifying the file types for wildcard URLs
- Restoring default values for automatic policy building
- Stopping and starting automatic policy building
-
Overview: Configuring automatic policy build settings
- Configuring General ASM System Options
- Working with Violations
-
Working with Attack Signatures
- About attack signatures
-
Overview: Creating and assigning attack signature sets
- About attack signature sets
- List of attack signature sets
- Creating a set of attack signatures
- Assigning signature sets to a security policy
- Viewing the signature sets in a security policy
- Viewing the attack signatures in a security policy
- Enabling or disabling a specific attack signature
- Enabling or disabling staging for attack signatures
- Overriding attack signatures based on content
- Overview: Managing the attack signature pool
- Overview: Creating user-defined attack signatures
- Maintaining Security Policies
- Configuring ASM with Local Traffic Policies
-
Automatically Synchronizing Application Security Configurations
-
Overview: Automatically synchronizing ASM systems
- About device management and synchronizing application security configurations
- Considerations for application security synchronization
- Performing basic network configuration for synchronization
- Specifying an IP address for config sync
- Establishing device trust
- Creating a Sync-Failover device group
- Syncing the BIG-IP configuration to the device group
- Specifying IP addresses for failover communication
- Creating a Sync-Only device group
- Enabling ASM synchronization on a device group
- Synchronizing an ASM-enabled device group
- Implementation result
-
Overview: Automatically synchronizing ASM systems
-
Manually Synchronizing Application Security Configurations
-
Overview: Manually synchronizing ASM systems
- About device management and synchronizing application security configurations
- Considerations for application security synchronization
- Performing basic network configuration for synchronization
- Specifying an IP address for config sync
- Establishing device trust
- Creating a Sync-Failover device group
- Syncing the BIG-IP configuration to the device group
- Specifying IP addresses for failover communication
- Enabling ASM synchronization on a device group
- Synchronizing an ASM-enabled device group
- Implementation result
-
Overview: Manually synchronizing ASM systems
-
Synchronizing Application Security Configurations Across LANs
-
Overview: Synchronizing ASM systems across LANs
- About device management and synchronizing application security configurations
- Considerations for application security synchronization
- Performing basic network configuration for synchronization
- Specifying an IP address for config sync
- Establishing device trust
- Creating a Sync-Failover device group
- Syncing the BIG-IP configuration to the device group
- Specifying IP addresses for failover communication
- Creating a Sync-Only device group
- Enabling ASM synchronization on a Sync-Only device group
- Synchronizing an ASM-enabled device group
- Implementation result
-
Overview: Synchronizing ASM systems across LANs
- Integrating ASM with Database Security Products
-
Integrating ASM and APM with Database Security Products
- Overview: Integrating ASM and APM with database security products
-
Prerequisites for integrating ASM and APM with database security
- Creating a VLAN
- Creating a self IP address for a VLAN
- Creating a local traffic pool for application security
- Creating a virtual server to manage HTTPS traffic
- Creating a security policy automatically
- Creating an access profile
- Configuring an access policy
- Adding the access profile to the virtual server
- Configuring a database security server
- Enabling database security integration with ASM and APM
- Implementation result
- Securing FTP Traffic Using the Default Configuration
- Securing FTP Traffic Using a Custom Configuration
- Securing SMTP Traffic Using the Default Configuration
-
Securing SMTP Traffic Using a Custom Configuration
-
Overview: Creating a custom SMTP security profile
- Creating a custom SMTP service profile
- Creating a security profile for SMTP traffic
- Enabling anti-virus protection for email
- Modifying associations between service profiles and security profiles
- Creating and securing an SMTP virtual server and pool
- Reviewing violation statistics for security profiles
-
Overview: Creating a custom SMTP security profile
- Configuring Remote High-Speed Logging of Protocol Security Events