Nokron
WAF F5
NokronGitLabELK stackWAF F5
WAF F5
NokronGitLabELK stackWAF F5
  • BIG-IP Application Security Manager
    • HTTP Protocol
      • Deep Dive to “HTTP Request” on ASM Module
      • ASM Example: Detecting a Malicious HTTP Request
    • Introduction to OWASP Top-10 Security Risks
    • Application Security Policy Templates in F5 ASM
      • Security Policy Levels
      • Explicit Entities Learning
      • Policy Modification
      • Gradual / Modular Blocking
      • Application Security Policy Lifecycle
      • Security Policy Enforcement Modes
      • Security Policy Violation Flags
      • How to Increase Learning Score / Deployment Speed
      • Comparison: Enforcement Mode, Learning Mode, and Violation Flags
    • Security Entities in Application Security Policy
      • Enforcement Readiness Summary
      • HTTP / HTTPS / WS / WSS URLs
      • Allowed Parameters in Security Policies
      • Allowed File Types in Security Policies
    • Tuning Security Policies: Analyzing and Categorizing Violations
      • Learning Suggestions in Security Policy Tuning
      • Policy Diff: Comparing and Auditing Security Policies
    • IP Address Exception Properties in ASM/AWAF
    • Cross-Site Request Forgery (CSRF) Protection in F5 ASM/AWAF
    • Sensitive Data Masking / Scrubbing (Data Guard) in F5 ASM/AWAF
    • Anti-virus Protection through an ICAP Server in F5 ASM/AWAF
    • Cookies in F5 ASM/AWAF Security
    • Session Tracking and Session Awareness in F5 ASM/AWAF
    • Evasion Technique Detection in F5 ASM/AWAF
    • Important Tips about Security Policy in F5 ASM/AWAF
    • L7 DDoS Attack Protection Configuration
    • TPS-based Attack Vectors and Stress-based Attack Vectors
    • Mitigation Techniques for DoS and Bot Protection
    • Important Tips about Events Logging
    • High-Speed Logging (HSL) Configuration
    • Web Threat Campaigns (v14.0+)
    • IP Intelligence (IPI) Subscription-Based License
    • Geo-IP Database Functionality
    • General Security Standards and WAF Support
    • ASM - Virtual Edition (VE) Tips
    • How to Bypass ASM Module
    • ASM Traffic Processing Daemon (bd)
    • ASM and AAM Integration
  • BIG-IP LTM Technology
    • Source IP Address and PORT Translation in BIG-IP
    • Packet Filters
    • Traffic / Service Profiles in BIG-IP
    • Virtual Servers and Their Behavior with Different Profiles in BIG-IP
      • Detailed Overview of Profiles in BIG-IP LTM
      • Optimizing for Mobile Clients in BIG-IP LTM
      • Connection Mirroring in BIG-IP LTM
      • AVR (Analytics) Profile in BIG-IP LTM
      • Health Monitoring in BIG-IP LTM
      • SSL Profile in BIG-IP LTM
      • Load-balancing Methods in BIG-IP LTM
      • Persistence Profile in BIG-IP
      • CMP vs. SMP in BIG-IP Systems
      • OneConnect Profile in BIG-IP
Powered by GitBook
On this page
  1. BIG-IP Application Security Manager
  2. Application Security Policy Templates in F5 ASM

Gradual / Modular Blocking

Gradual or modular blocking is a security policy strategy in which violations are incrementally enforced. This method enables certain violations to be blocked immediately, while others remain in a "staging" phase to be tuned and adjusted over time. It provides flexibility and ensures a balance between protection and application availability.

Key Features

  1. Incremental Enforcement:

    • Violations are grouped into modules, such as attack signatures, file types, or parameter lengths.

    • Some modules are immediately enforced while others are staged for learning and fine-tuning.

  2. Staging Mode:

    • Non-blocking mode allows observation of how a policy interacts with real-world traffic.

    • Recommendations are generated to help fine-tune the staged violations.

  3. Customizable Blocking:

    • Administrators can choose which types of violations to block (e.g., SQL injection) and which to observe.

    • Modules can be moved from staging to blocking as confidence in the policy grows.

  4. Gradual Stability:

    • As modules are fine-tuned, the policy becomes more robust and can be fully enforced over time.

    • Reduces false positives and ensures seamless application functionality during the tuning phase.

Texted Graph: Gradual/Modular Blocking

+---------------------------+           +-------------------------+  
|         Traffic           |           |     Policy Builder      |  
+---------------------------+           +-------------------------+  
             |                                     |  
             |          Fine-tuning               |  
             +------------------------------------>  
             |                                     |  
   +-----------------+                   +---------------------+  
   | Blocking Module |                   |    Staging Module   |  
   +-----------------+                   +---------------------+  
             |                                     |  
             |      Gradual Blocking              |  
             +------------------------------------>  
             |                                     |  
   +-------------------------+        +----------------------------+  
   | Immediate Protection    |        | Observing & Adjusting      |  
   +-------------------------+        +----------------------------+

How Gradual Blocking Works

  1. Initial Setup:

    • Configure a policy with a mix of blocking and staging modules.

    • Use staging mode to observe and analyze how traffic behaves under the policy.

  2. Fine-tuning Phase:

    • Based on traffic insights, adjust the staged violations to reduce false positives.

    • Gradually move tuned modules from staging to blocking.

  3. Full Enforcement:

    • Over time, as confidence in the policy grows, all modules can be moved to blocking.

    • The policy becomes fully robust and enforced without impacting legitimate traffic.

Advantages

  • Flexibility: Protect critical areas immediately while tuning other areas gradually.

  • Reduced False Positives: Staging mode allows observation without immediate enforcement.

  • Seamless Rollout: Avoids disruptions by gradually enforcing security rules.

  • Customization: Tailored to specific application needs and risk tolerance.

PreviousPolicy ModificationNextApplication Security Policy Lifecycle

Last updated 3 months ago