F5 ASM Wilcard Parameter

Question

Hello Experts&nbsp;
F5 is in manually learning mode . I made wildcard parameter and enable the tightening. I learned 10 parameters. I accept those parameters.&nbsp;
1- Should I enable the staging for all 10 parameters? What other learning suggestions, I would get?&nbsp;
2- If I enable staging in wildcard then staging would be automatic enable on learned parameters?&nbsp;
3- After learning is complete, should I delete wildcard entry and then put in block mode? &nbsp;
4- After putting in blocking mode, new parameters comes and wildcard is still there then it would allow that new parameter? &nbsp;
Thanks for reply&nbsp;
Regards,&nbsp;
GR&nbsp;

nathe · Answer

ghost-rider,&nbsp;
Answers to the above:&nbsp;

from point 4 it sounds as if you are in transparent mode. If so then no need for staging period. Staging will only not block if the policy was set to block. transparent mode won't block so no need.

not sure that it is&nbsp;

you can do both. Yes to enable block mode if you're happy that the policy is as it should be. if you want the tighest configuration possible then do delete the wildcard entry as any parameters not explicitly defined will match this.

yes it will do.&nbsp;

Hope this helps,&nbsp;
N&nbsp;

Forum Discussion

F5 ASM Wilcard Parameter

1 Reply

Recent Discussions

F5Access | MacOS Sonoma

Rewrite uri translation not working

Chrome V 124+ on MacOS - Virtual Server Access Issue

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

ASM blocked request contains & (ampersand) symbol in parameter value

Brute Force protection for single parameter like OTP

ASM logs

Define allowed character in ASM for JSON parameter

Wildcard Parameter signature attack