Nik
Aug 28, 2013

starting guide for asm

I was wondering if anyone knew of a good beginner's guide to ASM? We're eval'ing it right now and none of the documentation I've found is very useful.

 

4 Replies

  • I had/have the same issue; the best I could find were the two F5 links below. The best way I found of learning was building a virtual edition with ASM, then building a Windows client and server, and putting "WebGoat" on the server to test ASM. It took some time but it allows you to build an ASM security policy and test against it using WebGoat as a target. Hope this helps and maybe someone will have better resources.

     

    Getting Started guide: http://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-getting-started-11-2-0.html

     

    Configuration guide: http://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-config-11-2-0.html

     

    WebGoat: https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project

     

    • Nik
      We already have the trial edition of the license on a testing F5 so no need for virtual edition. Those links you provided were very useful, thank you!
  • Nik, I think the documents and advice that Leonardo gave were good. If you come up with any specific questions though surrounding ASM please post them, as I have always gotten good information off of here.

     

    Mike

     

  • Hi Mike,

     

    We are seeing unexpected ASM behaviour. We are using URL-based rate limiting with the rates below.

     

    TPS increased by: 1000 %
    TPS reached: 10 transactions per second
    Minimum TPS Threshold for detection: 5 transactions per second

     

    When requests were sent at a 12 TPS rate for 11 min, around 3614 requests out of 7500 requests sent were rejected. Isn’t F5 rejecting more requests? As per the policy set, F5 should reject 2 TPS/Sec, i.e. around 1320 requests, but it’s rejecting around 50% (3614) of connections.

     

    We are using the JMeter tool for load testing.