Manual :
BIG-IP Application Security Manager: Implementations
Applies To:
Show VersionsBIG-IP ASM
- 13.0.0
Original Publication Date: 02/22/2017
-
Preventing DoS Attacks on Applications
-
What is a DoS attack?
- About recognizing DoS attacks
- When to use different DoS protections
- About proactive bot defense
- About configuring TPS-based DoS protection
- About configuring stress-based DoS protection
- About Behavioral DoS protection
- About DoS mitigation methods
- About geolocation mitigation
- About heavy URL protection
- About cross-domain requests
- About site-wide DoS mitigation
- About CAPTCHA challenges in DoS detection
- About DoS protection and HTTP caching
-
Overview: Preventing DoS attacks on applications
- Configuring DoS protection for applications
- Creating a whitelist for DoS protection
- Using proactive bot defense
- Configuring bot defense logging
- Configuring bot signature checking
- Configuring TPS-based DoS detection
- Configuring behavioral & stress-based DDoS protection
- Configuring heavy URL protection
- Recording traffic during DoS attacks
- Configuring CAPTCHA for DoS protection
- Associating a DoS profile with a virtual server
- Implementation Result
-
What is a DoS attack?
- Viewing DoS Reports, Statistics, and Logs
-
Configuring DoS Policy Switching
-
Overview: Configuring DoS policy switching
- About DoS protection and local traffic policies
- Creating a DoS profile for Layer 7 traffic
- Modifying the default DoS profile
- Creating a local traffic policy for DoS policy switching
- Creating policy rules for DoS policy switching
- Associating a DoS profile with a virtual server
- Associating a published local traffic policy with a virtual server
- Implementation results
-
Overview: Configuring DoS policy switching
- Using Shun with Layer 7 DoS
- Creating Login Pages for Secure Application Access
- Mitigating Brute Force Attacks
-
Detecting and Preventing Web Scraping
-
Overview: Detecting and preventing web scraping
- Prerequisites for configuring web scraping
- Adding allowed search engines
- Detecting web scraping based on bot detection
- Detecting web scraping based on session opening
- Detecting web scraping based on session transactions
- Using fingerprinting to detect web scraping
- Displaying web scraping event logs
- Viewing web scraping statistics
- Implementation Result
-
Overview: Detecting and preventing web scraping
- Setting Up IP Address Intelligence Blocking
- Managing IP Address Exceptions
- Disallowing Application Use at Specific Geolocations
- Protecting Sensitive Data with Data Guard
- Masking Credit Card Numbers in Logs
- Displaying Reports and Monitoring ASM
- Logging Application Security Events
-
Preventing Session Hijacking and Tracking User Sessions
- Overview: Preventing session hijacking
- Overview: Tracking user sessions using login pages
-
Overview: Tracking application security sessions using APM
- Creating a VLAN
- Creating a self IP address for a VLAN
- Creating a local traffic pool for application security
- Creating a virtual server to manage HTTPS traffic
- Creating a simple security policy
- Creating an access profile
- Configuring an access policy
- Adding the access profile to the virtual server
- Setting up ASM session tracking with APM
- Monitoring user and session information
- Mitigating Open Redirects
- Setting Up Cross-Domain Request Enforcement
- Implementing Web Services Security
- Fine-tuning Advanced XML Security Policy Settings
- Adding JSON Support to an Existing Security Policy
- Creating Security Policies for AJAX Applications
- Securing Web Applications Created with Google Web Toolkit
- Adding Server Technologies to a Policy
-
Refining Security Policies with Learning
- About learning
- About learning suggestions
- What violations are unlearnable?
- Configuring how entities are learned
- Learning from responses
- Learning based on response codes
- Reviewing learning suggestions
- Viewing requests that caused learning suggestions
- Viewing and allowing ignored suggestions
- About enforcement readiness
- Enforcing entities
- Exploring security policy action items
-
Changing How a Security Policy is Built
-
Overview: Changing how a security policy is built
- Changing how to build a security policy
- Adding trusted IP addresses to a security policy
- Learning host names automatically
- Classifying the content of learned parameters
- Specifying whether to learn integer parameters
- Specifying when to learn dynamic parameters
- Collapsing entities in a security policy
- Changing how cookies are enforced
- Limiting the maximum number of policy elements
- Classifying the content of requests to URLs
- Specifying the file types for wildcard URLs
- Disabling full policy inspection
- Stopping and starting automatic policy building
-
Overview: Changing how a security policy is built
- Configuring Security Policy Blocking
- Configuring What Happens if a Request is Blocked
-
Adding Entities to a Security Policy
- Adding File Types to a Security Policy
-
Adding Parameters to a Security Policy
-
About adding parameters to a security policy
- Creating global parameters
- Creating URL parameters
- Creating flow parameters
- Creating sensitive parameters
- Disallowing file uploads in parameters
- Creating navigation parameters
- Creating parameters with dynamic content
- Creating parameters with dynamic names
- Changing character sets for parameter values
- Changing character sets for parameter names
- Adjusting the parameter level
- Parameter Value Types
- How the system processes parameters
- About path parameters
- Enforcing path parameter security
- Overview: Securing Base64-Encoded Parameters
-
About adding parameters to a security policy
-
Adding URLs to a Security Policy
- About adding URLs
- About referrer URLs
- Adding allowed HTTP URLs
- Adding disallowed HTTP URLs
- Creating allowed WebSocket URLs
- Adding disallowed WebSocket URLs
- Enforcing requests for HTTP URLs based on header content
- Specifying characters legal in URLs
- Overriding methods on URLs
- Configuring flows to URLs
- Creating flow parameters
- Configuring dynamic flows to URLs
- Configuring dynamic session IDs in URLs
- Adding Cookies
- Adding Allowed Methods to a Security Policy
-
Securing Applications That Use WebSocket
-
Overview: Securing applications that use WebSocket connections
- About WebSocket security
- About WebSocket and login enforcement
- About WebSocket and cross-domain request enforcement
- Securing WebSocket applications: The easy way
- Creating a WebSocket profile
- Recognizing WebSocket traffic
- Creating a JSON profile
- Creating a plain text content profile
- Creating allowed WebSocket URLs
- Adjusting learning settings for WebSocket URLs
- Classifying the content of requests to WebSocket URLs
- Adding disallowed WebSocket URLs
- Associating a profile with a WebSocket URL
- WebSocket violations
-
Overview: Securing applications that use WebSocket connections
- Configuring HTTP Headers that Require Special Treatment
-
Changing Security Policy Settings
-
About security policy settings
- Editing an existing security policy
- Changing security policy enforcement
- Adjusting the enforcement readiness period
- Viewing whether a security policy is case-sensitive
- Differentiating between HTTP and HTTPS URLs
- Specifying the response codes that are allowed
- Activating ASM iRule events
- Allowing XFF headers in requests
- Adding host names
- Protecting against cross-site request forgery (CSRF)
-
About security policy settings
- Configuring General ASM System Options
- Working with Violations
- Maintaining Security Policies
- Configuring ASM with Local Traffic Policies
-
Automatically Synchronizing Application Security Configurations
-
Overview: Automatically synchronizing ASM systems
- About device management and synchronizing application security configurations
- Considerations for application security synchronization
- Performing basic network configuration for synchronization
- Specifying an IP address for config sync
- Establishing device trust
- Creating a Sync-Failover device group
- Syncing the BIG-IP configuration to the device group
- Specifying IP addresses for failover communication
- Creating a Sync-Only device group
- Enabling ASM synchronization on a device group
- Synchronizing an ASM-enabled device group
- Implementation result
-
Overview: Automatically synchronizing ASM systems
-
Manually Synchronizing Application Security Configurations
-
Overview: Manually synchronizing ASM systems
- About device management and synchronizing application security configurations
- Considerations for application security synchronization
- Performing basic network configuration for synchronization
- Specifying an IP address for config sync
- Establishing device trust
- Creating a Sync-Failover device group
- Syncing the BIG-IP configuration to the device group
- Specifying IP addresses for failover communication
- Enabling ASM synchronization on a device group
- Synchronizing an ASM-enabled device group
- Implementation result
-
Overview: Manually synchronizing ASM systems
-
Synchronizing Application Security Configurations Across LANs
-
Overview: Synchronizing ASM systems across LANs
- About device management and synchronizing application security configurations
- Considerations for application security synchronization
- Performing basic network configuration for synchronization
- Specifying an IP address for config sync
- Establishing device trust
- Creating a Sync-Failover device group
- Syncing the BIG-IP configuration to the device group
- Specifying IP addresses for failover communication
- Creating a Sync-Only device group
- Enabling ASM synchronization on a Sync-Only device group
- Synchronizing an ASM-enabled device group
- Implementation result
-
Overview: Synchronizing ASM systems across LANs
- Integrating ASM with Database Security Products
-
Integrating ASM and APM with Database Security Products
- Overview: Integrating ASM and APM with database security products
-
Prerequisites for integrating ASM and APM with database security
- Creating a VLAN
- Creating a self IP address for a VLAN
- Creating a local traffic pool for application security
- Creating a virtual server to manage HTTPS traffic
- Creating a simple security policy
- Creating an access profile
- Configuring an access policy
- Adding the access profile to the virtual server
- Configuring a database security server
- Enabling database security integration with ASM and APM
- Implementation result
- Securing FTP Traffic
-
Securing SMTP Traffic
- Overview: Securing SMTP traffic using system defaults
-
Overview: Creating a custom SMTP security profile
- Creating a custom SMTP service profile
- Creating a security profile for SMTP traffic
- Enabling anti-virus protection for email
- Modifying associations between service profiles and security profiles
- Creating and securing an SMTP virtual server and pool
- Reviewing violation statistics for security profiles
- Legal Notices