Reference: WAF Policy Templates

WAF policy templates are required for creating a new Web Application Firewall (WAF) security policy. Each template includes default settings that provide protection according to the most common application needs. Review the list below to select a policy template, and fine-tune as needed.

See How To: Manage and Edit a WAF Policy on BIG-IP Next Central Manager for information about how general settings are populated for each template.

See Reference: Violation Protection for more information about policy violations and violation detection.

WAF Policy Templates

  • Rating-Based Template - Moderate security template intended for applications that need minimal administrative or fine-tuning requirements.

  • Comprehensive Template - Maximum security template for applications that need high administrative or fine-tuning requirements.

  • Fundamental Template - High security template for applications that need moderate-to-high administrative or fine-tuning requirements.

  • Rapid Template - Essential security for applications that need rapid deployment, moderate protection and low administrative requirements.

Note: The following list provides a general overview of each template.

Rating-Based Template

The Rating-Based template is the default WAF policy template. Its attack protection blocks (or raises an alarm on, depending on your configured settings) traffic that includes a high-risk violation. This ensures the highest protection against malicious traffic and a lowered rate of false positives, without having to modify the policy on a regular basis.

Rating-based protection enforces violations according to the violation rating scale, which is a system-based assessment of the request's risk.

For more information about rating-based protection, see Overview: WAF Rating-Based Protection.

Comprehensive Template

The Comprehensive template is intended to provide maximum security, with all violations, features, and learning turned on. The template is recommended for expert security operations managers.

Fundamental Template

The Fundamental template provides enhanced security during the policy building process as the policy actively blocks violations. This template is recommended for intermediate users and may require more time to fine-tune.

Rapid Template

The Rapid template provides security features that minimize the number of false positive alarms and reduce the complexity and length of the policy staging period. With the Rapid template, you can quickly create a security policy that meets the majority of web application security requirements.

The system creates a simple security policy that protects against known security problems, such as evasion attacks, data leakage, and buffer overflow attacks. The rapid deployment security policy operates in transparent mode, meaning that it does not block traffic unless you change the enforcement mode and enforce the policy. If the system receives a request that violates the security policy, the system logs the violation event, but does not block the request. Suggestions for changes to the policy are added to the learning suggestions.

General policy template overview

This table provides a high-level description of the security settings provided by each template. For more information about the violation protection from each template, see Reference: Violation Protection.

| General Setting | Rating-Based | Rapid | Fundamental | Comprehensive |
|---|---|---|---|---|
| Enforcement Mode | Blocking | Transparent | Blocking | Blocking |
| Application Language | UTF-8 | UTF-8 | Auto detect | Auto detect |
| Bot Defense | Enabled | Enabled | Enabled | Enabled |
| Threat Campaigns | Enabled | Enabled | Enabled | Enabled |
| IP Intelligence | Enabled | Enabled | Enabled | Enabled |
| Log Events | Illegal | Illegal | Illegal | Illegal |
| Signature Sets | High accuracy attack signature set | Generic Detection Signatures | Generic Detection Signatures | Generic Detection Signatures |
| Enable Signature Staging | True | True | True | True |
| Learn Explicit URLs | Never | Never (wildcard only) | Never (wildcard only) | Compact |
| Learn Explicit Web Socket URLs | Never | Never (wildcard only) | Never (wildcard only) | Always |
| Learn Explicit Web Parameters | Never | Never | Selective | Compact |
| Learn Host Names | False | False | True | True |
| Learn Explicit Cookies | Never | Never | Selective | Selective |
| Learn Explicit File Types | Never | Never | Compact | Compact |
| Policy Building Learning Mode | N/A | Manual | Automatic | Automatic |