Hi experts, we have a security policy build using the automatic policy builder. Currently it is showing 47% complete.
I was checking if it has any learning suggestions so far, so i went to Ploicy building > Status (automatic) > details.
IF i expand the details under each category, lets say the 1st one - HTTP Protocol Compliance, it gives me a list of violations under it and then there`s a "enable" button. when i scroll my mouse on it. it says "accept the tighten rule". I am wondering what this means? Is it to enforce all these settings?
under all these violations, it states that the loosen: N/A and Tighten: Rule Satisfied.
I am on version 11.5.1 HF3.
Tighten simply means adding an explicit entry. In an example where you've got a wildcard fine type. You can tighten the policy by adding explicit file types, .CSS .HTML .txt etc. and then remove the wildcard. The policy is now tightened.
thanks Nathan, So does enable\tighten mean accept the violation? Something similar under manual traffic learning?
I'm not sure about that... This is True for File Types and Parameters, but for HTTP Compliance, and Evasion Techniques detected for example this Enable the settings in the "Blocking Settings" Section. Enabling those settings mean, start blocking non compliant HTTP Requests as soon as you ar in Blocking Mode.
Hello F5 Experts and F5, Could you provide some document or video explanation to this process please? The documentation is mostly version specific and I couldn't seem to find a comprehensive information about all of these details. For my case I'm looking at Security > Application Security > Policy Building > Status >> Signature Stability >> Enforce signatures >> Action button. Does clicking this button mean that I will be enforcing all 2000+ signatures in the policy? Does not clicking this button mean that I am not enforcing all 2000+ signatures :( ? I see that the policy is in fact blocking but need to understand the extent of blocking a little better during the Real Traffic Policy Building process. For the example I'm looking at right now, the Real Traffic Policy Builder shows what looks to be 80% progress. We're running ASM 11.6. Thank you.