Sriram_Shanmuga
Sep 20, 2018

Deploy ASM for a web application in 1 day

Hi All,

 

We have a requirement to set up a WAF policy in 1 day in blocking mode. Please suggest a way to handle false positives. Is it recommended to take rapid deployment for this mode?

 

Regards, Ram

 

4 Replies

  • Hi,

     

    As you know, rapid deployment allows you to deploy a security policy quickly, without complexity, and minimizes the number of false positives.

     

    By default, the Rapid Deployment security policy includes the following security checks:

     

    • Performs HTTP compliance checks
    • Checks for mandatory HTTP headers
    • Stops information leakage
    • Prevents illegal HTTP methods from being used in a request
    • Checks response codes
    • Enforces cookie RFC compliance
    • Applies attack signatures to requests (and responses, if applying signatures to responses)
    • Detects evasion techniques
    • Prevents access from disallowed geolocations
    • Prevents access from disallowed users, sessions, and IP addresses
    • Checks whether request length exceeds defined buffer size
    • Detects disallowed file upload content
    • Checks for characters that failed to convert
    • Looks for requests with modified ASM™ cookies

    As far as I'm concerned, I always deactivate the following: HTTP compliance, illegal HTTP methods ...

    This saves me from having to regularly adjust the configuration.

    If you want to avoid all false positives, you will be able to apply the ASM policy only to a user group (trusted users), to allow all blocked streams from these users. Once this work is done, you will be able to apply the ASM policy to all of the users. You can do that using an iRule, for example.

    Regards,