Manual Chapter :
Configuring General ASM System Options
Applies To:
Show VersionsBIG-IP ASM
- 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1
Configuring General ASM System Options
Adjusting system preferences
You can change the default user interface and system preferences for the Application Security Manager™ (ASM), and configure fields displayed
in the Request List of the Reporting screen.
The adjusted settings are used throughout the ASM system.
Incorporating external antivirus protection
Before you can incorporate antivirus protection, you need to have an ICAP server
setup in your network.
You can configure the Application Security Manager™ (ASM) to
connect with an Internet Content Adaptation Protocol (ICAP) server to check requests for
viruses. (ASM was tested with McAfee VirusScan, Trend Micro InterScan, Symantec
Protection Engine, and Kaspersky Antivirus products, and may work with others.) You can
also set up antivirus checking for HTTP file uploads and SOAP web service requests.
If the Virus Detected violation is set to Alarm or Block in the
security policy, the system sends requests with file uploads to an external ICAP server
for inspection. The ICAP server examines the requests for viruses and, if the ICAP
server detects a virus, it notifies ASM, which then issues the Virus
Detected violation.
If antivirus checking for HTTP file uploads and SOAP web service requests is configured, the system checks the file uploads and SOAP requests before releasing content to the web server.
Creating user accounts for application security
User accounts on the BIG-IP® system are assigned a user role
that specifies the authorization level for that account. While an account with the user
role of Administrator can access and configure everything on the system, you can further
specialize administrative accounts for application security.
The BIG-IP system now contains a new user account for administering application
security.
- Application Security Editors have permission to view and configure most parts of the Application Security Manager™ on specified partitions.
- Application Security Administrators have permission to view and configure all parts of the Application Security Manager, on all partitions. With respect to application security objects, this role is equivalent to the Administrator role.
Validating regular expressions
The RegExp Validator is a system tool designed to help you validate your regular
expression syntax. You can type a regular expression in the RegExp Validator, provide a
test string pattern, and let the tool analyze the data. The tool is included with Application Security Manager™.
The validation result indicates whether the regular expression is valid or not. The
first RegExp match displays the result of the verification check (if specified)
including if there are matches or not.