Nimbostratuscan i add nginx on "Available System > Web Servers" at Deployment wizard:Configure Attack Signatures ? or i should use "other web server" ?
how can ASM cover REST, WCF and WEB API ?
Thank You
Unfortunately, there's no "nginx" specific system signatures to add in the deployment wizard. You could use "other web server" like you mentioned, but be sure to add the other appropriate signatures as well (operating system -> Unix/Linux, etc). On a related note, you can always navigate to Security >> Application Security >> Attack Signatures >> Attack Signatures List to view the specific signatures associated with each specific system you might choose while building your policy in the deployment wizard. Sometimes people might wonder what signatures they are choosing when they select a specific system in the deployment wizard. The Attack Signatures List allows you to see the specific signatures you will be deploying. You can "Show Filter Details" and then select/deselect the various systems and click "Go" to see the signatures associated with the systems. Also, keep in mind that "General Database, System Independent, and Various systems" signatures are automatically added to every security policy. Many of these signatures will be relevant to your application without having to add any extra signatures.
As for the REST, WCF, and WEB APIs, you could use the "XML and web services" manual method to create your security policy in the deployment wizard. This method will automatically build in support for web services, and it will add the XML-specific signatures you will need.
Here's an article I wrote on ASM attack signatures...it might provide a little more info as well: https://devcentral.f5.com/articles/the-big-ip-application-security-manager-part-4-attack-signatures.UssBx7HnbIW
NimbostratusHi John,
thank you for your answer, and the article too.. :)
