
Will auto policy builder handle wildcard parameters like PAR1, PAR2, PAR3 -> PAR?

Hello,

I am currently building up a policy in manual mode. Due to the size of this application, it requires a fair bit of work to add all parameters to the policy. A lot of these parameters are in the following form: PAR1 PAR2 iPAR1 iPAR2 PAR3 PAR4 ... PAR11 ...

Does the automatic policy builder correctly build wildcard parameters with the numbers as a wildcard? Thanks.

Regards


Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Yes--but there is one important condition that must be met: If you are using automatic policy builder, and you would like ASM to learn each unique parameter, you must select Comprehensive mode (as the policy type) when you build the policy in the Deployment Wizard. This will ensure that the learning method for parameters is Add All Entities. If you've already got a policy, you can still change the learning method for parameters to Add All Entities yourself.

1
Comments on this Answer
Comment made 09-May-2016 by NiHo 396
Hm, I assumed 'Add All Entities' meant 'add all entities separately'. Or will it just use wildcard '*' if I do not select it?
0
Comment made 09-May-2016 by Erik Novak
Add All Entities for parameters means that ASM will add each parameter detected in traffic to the policy explicitly. So if there are requests for PAR1 and PAR2, they will both be added to the Parameters list. The wildcard '*' will remain in place until there are no more parameters to learn. The wildcard exists as a catch-all object in your security policy in order to detect entities (such as parameters, but also file types and URLs) in traffic and then add them to the policy. This addition can happen automatically, or you can do it manually by reviewing Learning Suggestions for detected entities and then deciding whether or not to add them to the policy.
0
Comment made 09-May-2016 by NiHo 396
So your suggestion in your first comment is not answering my needs? I am looking for a way to NOT add explicit entries, but partial wildcard parameters. PAR1, PAR2 will become PAR* and not: PAR1, PAR2 as two separate parameters.
0
Comment made 09-May-2016 by Erik Novak
Sorry about that, I misunderstood. So what you want to do is collapse similar parameters into a simpler entity. You can do that as well. Depending on your version of ASM, the exact path is a bit different: In v12.1, go to Learning and Blocking Settings, then expand Parameters. You will see an option to "Collapse many common Parameters into one wildcard Parameter after X occurrences." This will make PAR1, PAR2, etc. appear as PAR* or one wildcard parameter. In earlier versions of ASM, you can find that option inside automatic policy building settings.
0
Comment made 17-May-2016 by NiHo 396
Exactly what I needed, thank you @Erik Novak!
0
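
As an added example (not from the thread and not F5 code), this Python script previews which observed parameter names share a stem plus trailing number, and which other names a `stem*` wildcard would also match. The sample names, the `threshold` argument standing in for the "X occurrences" setting, and glob-style matching of `*` are assumptions; ASM's own collapse logic is not modelled.

```python
import re
from collections import defaultdict
from fnmatch import fnmatchcase

# Constructed sample: parameter names as they might appear in request logs.
OBSERVED = ["PAR1", "PAR2", "PAR3", "PAR4", "PAR11", "iPAR1", "iPAR2",
            "PARTNER", "user", "page"]

# A stem ending in a non-digit, followed by a purely numeric suffix.
NUMBERED = re.compile(r"^(.*?\D)(\d+)$")


def wildcard_candidates(names, threshold):
    """Group names that differ only by a trailing number.

    Returns {pattern: {"members": [...], "overmatch": [...]}} for every stem
    with at least `threshold` distinct numbered names. `threshold` is a
    hypothetical stand-in for the "X occurrences" setting.
    """
    unique = set(names)
    groups = defaultdict(set)
    for name in unique:
        m = NUMBERED.match(name)
        if m:
            groups[m.group(1)].add(name)

    result = {}
    for stem, members in groups.items():
        if len(members) < threshold:
            continue
        pattern = stem + "*"
        # Names the pattern also matches although they are not numbered
        # variants of the stem: review these before relying on the wildcard.
        overmatch = sorted(n for n in unique
                           if n not in members and fnmatchcase(n, pattern))
        result[pattern] = {"members": sorted(members), "overmatch": overmatch}
    return result


if __name__ == "__main__":
    for pattern, info in sorted(wildcard_candidates(OBSERVED, 3).items()):
        print(pattern, info)
```

With the constructed sample and a threshold of 3, only the `PAR` group qualifies, and the report shows that `PAR*` would also match `PARTNER`, a name worth giving its own explicit entry.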