WAF Management

WAF creates robust security policies that protect web applications from targeted application layer threats, such as buffer overflows, SQL injection, cross-site scripting, parameter tampering, cookie poisoning, web scraping, and many others, by allowing only valid application transactions. Using a positive security model, WAF secures applications based on a combination of validated user sessions and user input, as well as a valid application response. WAF also includes built-in security policy templates that can quickly secure common applications.

WAF also protects applications using negative security by means of attack signatures. Attack signatures can detect and thwart attacks such as the latest known worms, SQL injections, cross-site scripting, and attacks that target commonly used databases, applications, and operating systems.

WAF management lifecycle

• Protect new applications
• Import, Export, Clone, Revert, or Delete a WAF Policy
• How to: Policy actions from WAF Advanced Dashboard
• How To: Create and Manage WAF Event Logs on BIG-IP Next Central Manager
• How To: Manage WAF Security Reports
• Overview: WAF Rating-Based Protection

Customize a WAF Policy

• Controlling Application use by Geolocations
• Evasion Technique Violation Protection
• HTTP Protocol Compliance Protection
• Attack Signatures
• Attack Signature Sets
• Add IP Address Exceptions
• Policy Builder
• Blocking Response Pages
• Data Guard
• CSRF protection
• SSRF protection
• Brute force attack protection
• L7 DoS protection
• Bot protection
• Manage File Types
• Manage URLs
• Manage HTTP Methods
• Manage Cookies
• Manage Host Names
• Manage Parameters
• Add IP Intelligence
• How To: Override an attack signature on BIG-IP Next Central Manager
• Install Live Updates

Work with WAF on BIG-IP Next Central Manager

• API Use Cases: Manage and edit a WAF policy on BIG-IP Next Central Manager
• How To: Define sensitive parameters on BIG-IP Next Central Manager

Work with WAF in BIG-IP Next Central Manager’s Policy Editor

• How To: Configure WAF Policy
• How to: Add a remote security log server
• How to: Enable file types
• How to: Configure Parameter Handling
• How to: Allow Parameter Meta-Characters
• How to: Define Sensitive Parameters
• Overview: Masking credit card numbers
• How to: Mask Credit Card Numbers
• Overview: User-defined HTTP Headers
• How to: Configure User Defined HTTP Header
• Overview: Differentiating between HTTP and HTTPS URLs
• How to: Differentiating between HTTP and HTTPS URLs
• How to: Configure multiple user-defined parameters, including empty and repeated
• How to: Limit user-defined parameter to a single context
• How To: Configure user-defined numeric parameter
• How to: Configure whether the user-defined parameter value is also a multiple of a specific number
• How to: Configure user-defined text and query parameters
• How to: Enable the illegal method violation
• How to: Set Enforcer Cookie Settings
• Overview: CSRF Configuration
• How to: Enable CSRF globally with no customization
• How to: Configure a custom CSRF URL wildcard and myurl
• How to: Define a custom CSRF URL and policy-wide host-name domain without subdomains
• Overview: User-Defined URLs
• How to: Configure wildcard/explicit URLs
• How to: Configure meta-characters in a user-defined URL
• How to: Disable one signature and enable another in a user-defined URL
• How to: Configure json/xml/form-data content types for a specific user-defined URL
• JSON Web Token Protection
• Overview: Login Pages for Secure Application Access
• How to: Configure login enforcement
• How to: Configure login with HTML form authentication
• How to: Configure login with AJAX or JSON request authentication
• How to: Add a login page with Windows NT LAN Manager (NTLM) authentication
• How to: Add a logout URL
• How to: Set disallowed geolocations
• How to: Configure SSRF protection
• Overview: User-Defined Signatures
• How to: Work with user-defined signatures
• Reference: IP Intelligence Categories
• How to: Set IP Intelligence
• How to: Configure Attack Signatures
• How to: Enable a specific attack signature
• How to: Exclude single signature in a set
• How to: Configure Layer 7 DoS protection
• How to: Configure Layer 7 DoS Remote Logging
• How to: Log Bot Defense traffic
• How to: Update the F5-provided Attack Signatures package
• How to: Create an AJAX custom blocking page
• How to: Create a custom redirect URL response page
• Overview: Server Technologies
• How to: Enable Server Technology Signature
• How to: Enable Data Guard Blocking
• How to: Enable Data Guard Masking
• How to: Activating Brute Force Alarm login attempts from same user
• How to: Activate Brute Force Block login attempts from same IP
• How to: Enable blocking evasion technique
• How to: Add or Update Threat Campaigns
• How to: Modify Threat Campaign
• How to: Modify Bot Signature Enablement
• How to: Change Bot Anomaly Configuration
• How to: Add or update bot signatures
• Overview: Long Requests
• How to: Enable the shutdown flag

WAF References

• Reference: WAF Terminology
• Reference: WAF Policy Templates
• Reference: Web Application Event Logs
• Reference: L7 DoS Event Logs
• Reference: Attack Signatures
• Reference: Bot mitigation settings
• Reference: WAF Policy Builder
• Reference: File Types
• Reference: Parameters
• Reference: Authentication types
• Reference: Cookie Enforcement
• Reference: Host name enforcement
• Reference: URL Enforcement
• Reference: Attack Signature Sets
• Reference: Violation Protection
• Reference: WAF Web Protection Dashboard
• Reference: WAF L7 DoS Dashboard
• WAF Feature Mapping between BIG-IP and BIG-IP Next
• Declarative WAF Policy Schema