Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Web Attacks in IP Intelligence Vs ASM Policy

Hi,

We have a variety of applications that each have ASM policies to protect against web attacks etc. We also have IP Intelligence enabled in monitoring mode at the moment which we will switch to blocking mode for some categories shortly.

One of the available categories in the IPI setup is "Web Attacks". I am curious as to whether there is any benefit or risk enabling this if I already have a tailored, configured ASM policy. Which takes precedence, the ASM Policy Rules or the IPI Rules if they are each running.

I expect if both the ASM Policy and IPI web attack prevention are each enabled, then the traffic would be subject to both sets of rules?

Thank you.

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

saidshow

The traffic will be subject to both, however, as IPI works at the network layer then this will be triggered first, if the source IP was a known, malicious IP address, for instance.

IPI works hand in hand with the security features of both AFM and ASM and adds an extra layer of possible protections.

Hope this helps,

N

0
Comments on this Answer
Comment made 15-May-2016 by saidshow 332
Thanks Nathan. Is there somewhere I can get information on what rules the Web Attack checks by IPI will use? I ask as when setting up the ASM policies there were some instances of genuine application behaviour that was flagged as various attack signatures that needed to have allowances added to the policies so that the applications would work as intended. I don't see any options to tweak the settings in IPI like I can in the ASM. Thanks again.
0