Forum Discussion

Arif_Mohammed_1's avatar
Arif_Mohammed_1
Icon for Nimbostratus rankNimbostratus
Oct 25, 2017
Solved

how to block asm

Link 1: https://support.f5.com/csp/article/K14709 One link says Bypassing the BIG-IP ASM system Local Traffic -> Virtual Servers -> Security -> Policies -> Application Security Policy -> Enabled or ...
ASM Advanced WAF
security
  • Martijn_144688's avatar
    Martijn_144688
    Oct 25, 2017

    Arif,

     

    When you select disable in Local Traffic -> Virtual Servers -> Security -> Policies -> Application Security Policy, ASM is disabled for that virtual server and the policy is not applied. So nothing is blocked by ASM. Maybe AFM is enabled and a Network Firewall policy is configured on the virtual server, but this has nothing to do with ASM.

     

    In Security > Application Security > Security Policies you can select Transparent or Blocking for the ASM policy. If Transparent is selected, nothing is blocked when a violation is detected by ASM. A log is created and you can select to block these kind of events in the future or ignore the violation. When Blocking is selected, the traffic is blocked when a violation is detected. A log is created and you can decide to accept this block or override the block by allowing these kind of event.

     

    This is what the help page on the appliance says:

     

    Transparent: Specifies that, when the system receives a request that violates a security policy parameter, the system logs the violation event, but does not block the request.

     

    Blocking: Specifies that, when the system receives a request that violates a security policy parameter, the system logs the violation event, blocks the request, and responds to the request by sending the Blocking Response page and Support ID information to the client.

     

    Hope this helps.

     

    Regards, Martijn.

     

Martijn_144688's avatar
Martijn_144688
Icon for Cirrostratus rankCirrostratus

Arif,

 

When you select disable in Local Traffic -> Virtual Servers -> Security -> Policies -> Application Security Policy, ASM is disabled for that virtual server and the policy is not applied. So nothing is blocked by ASM. Maybe AFM is enabled and a Network Firewall policy is configured on the virtual server, but this has nothing to do with ASM.

 

In Security > Application Security > Security Policies you can select Transparent or Blocking for the ASM policy. If Transparent is selected, nothing is blocked when a violation is detected by ASM. A log is created and you can select to block these kind of events in the future or ignore the violation. When Blocking is selected, the traffic is blocked when a violation is detected. A log is created and you can decide to accept this block or override the block by allowing these kind of event.

 

This is what the help page on the appliance says:

 

Transparent: Specifies that, when the system receives a request that violates a security policy parameter, the system logs the violation event, but does not block the request.

 

Blocking: Specifies that, when the system receives a request that violates a security policy parameter, the system logs the violation event, blocks the request, and responds to the request by sending the Blocking Response page and Support ID information to the client.

 

Hope this helps.

 

Regards, Martijn.

 

Martijn_144688's avatar
Martijn_144688
Icon for Cirrostratus rankCirrostratus
Oct 26, 2017

Arif,

 

You are correct. When you enable ASM in Local Traffic -> Virtual Servers -> Security -> Policies -> Application Security Policy, you can select the required ASM policy and ASM is enabled for that virtual server.

 

Ones this is done, you can select what you want to policy to do. Block (Blocking) traffic that is a violation or pass (Transparent) traffic that is a violation and decide later to allow or block it.

 

If you want to disable ASM again, just disable it in Local Traffic -> Virtual Servers -> Security -> Policies -> Application Security Policy.

 

Regards, Martijn.