Passo 3 - F5 Virtual Environment Hands-On Exercise Guide - ASM (LatAm)

March 25, 2018 | Author: Anonymous 8dKCGo01 | Category: Technology, World Wide Web, Hypertext Transfer Protocol, Login, Websites
Share
Report this link


Comments



Description

F5 Virtual EnvironmentHands-On Exercise Guide ASM Exercises F5 Virtual Environment Hands-On Exercise Guide – Exercise 1 – Enable ASM Protection ASM HANDS-ON EXERCISES EXERCISE 1 – ENABLE ASM PROTECTION Your customer is running a vulnerable Web site and would like to use F5’s Application Security Manager to protect the Web site from malicious attacks.  Estimated completion time: 20 minutes TASK 1 – Create a Pool and a Virtual Server Use the configuration utility to create both a pool to support the customer’s action Web site, and then create a new virtual server that uses the new pool. 1. In VMware Workstation, power on the phpauction image. 2. Connect and log in to your BIG-IP. 3. Verify that you have restored using archive_After_1D (you should have only the http_vs virtual server). 4. Create a new pool using the following information: Name auction_pool Health Monitors http Members 172.16.20.150:80 5. Create a new virtual server object using the following information: Name auction_vs Destination Address 10.10.20.110 Service Port 443 HTTP Profile http SSL Profile (Client) clientssl SNAT Pool Auto Map Default Pool auction_pool 6. enter 123-45-6789) o For the Credit Card Number. Click the Your control panel link in the Logged in section on the right-side of the page.F5 Virtual Environment Hands-On Exercise Guide – Exercise 1 – Enable ASM Protection TASK 2 – Verify Web Site Vulnerabilities Use a Web browser to access the auction virtual server IP address and attempt various well-known attacks against the Auction Web site to determine its current security state. enter your actual social security number (if you do not have a social security number. 8. Use the Register now link at the top to create a user account. (→NOTE: It may take up to three minutes for the request to complete.10. 1.20. Click Submit Query. type 4111111111111111 4. o All fields are required o For the Address.) 5. 2. Click on the Home link.110. Click Go. enter the username and password you submitted in step 3. 3. (NOT the link on the top menu bar. Open a new Web browser window and access https://10.) Questions: a) Are you able to view your personal information? _________________ b) Was your credit card number sent in HTML plain text? _________________ . 7. In the User login section. Verify that the Hack-it-yourself auction Web site displays. Edit the end of the URI to read: ?nick=bobsmith. 13. and click Submit Query again. select Bad item. Question: c) Are you able to view another user’s personal information? _________________ 10. </script> Auction starts with $10 Country United States of America Zip Code 98119 Payment methods MasterCard or Visa Choose a category Toys and Games NOTE: Leave all other fields set to their default values. 14.) 17. Questions: d) What information were you presented with? _____________________________ __________________________________________________________________ e) What type of Web site vulnerability is this? ______________________________ 11. When prompted. enter your Password. . Select the Home link.F5 Virtual Environment Hands-On Exercise Guide – Exercise 1 – Enable ASM Protection 9. 16. 15.com"). and then log back in as the username you submitted in step 3. 12. (→NOTE: It may take up to three minutes for the request to complete. From the Last created auctions list. Sell an item using the following information: Item title Item description Bad item <script> alert ("Don’t use this site .go to http://mysite. Edit the end of the URI to read: ?nick=*. Select the Sell an item link. Click Submit Query. Click Logout. . Questions: h) What information was presented? ______________________________________ i) What type of Web site vulnerability is this? _______________________________ 22. In the User login section. There is now an active security policy. From the Application Security list box. Click Go. Click Logout. Access the Application Security > Policy > Policy > Properties page. 6. 3. In the BIG-IP configuration utility. Create an HTTP class profile named secure_profile. Click the Your control panel link in the Logged in section on the right-side of the page. access the Local Traffic > Profiles > Protocol > HTTP Class page. in the Username field type: ' or 1=1# 20. 21. Click Finished. select Enabled. 1.F5 Virtual Environment Hands-On Exercise Guide – Exercise 1 – Enable ASM Protection Questions: f) What happens when users select this item? _ _____________________________ __________________________________________________________________ g) What type of Web site vulnerability is this? ______________________________ 18. and then close the auction Web site browser window. 5. ASM notifies that the security policy application language is not defined. 4. TASK 3 – Create an HTTP Class Profile Create an HTTP class profile. Click Logout. and then view the security policy that is automatically generated by ASM. 2. Access the Application Security > Security Policies > Policies List > Active Policies page. 19. 10. 5.F5 Virtual Environment Hands-On Exercise Guide – Exercise 1 – Enable ASM Protection TASK 4 – Update the Virtual Server Update the virtual server by selecting the new HTTP class profile.20 (leave the Entry Type list set to Pattern String).20. Questions: b) What Web site displayed in the browser? _______________________________ c) Why did this request go to the Auction site and not the F5. Open a new Web browser window and access https://10. TASK 5 – Reconfigure the HTTP Class Profile Experiment with the different options available within an HTTP class profile.f5. Click Finished. 2.110.20. In the Actions section. from the Hosts list select Match only… 11.com Web site? _________________________________________________________________ . 7.10. In the Configuration section. and then click Update.110. Open a new Web browser window and access https://10.20. type http://www. 8. Add the following host: 20.10. 12. from the Send To list.110. edit the secure_profile HTTP class profile. In the configuration utility. 10. Click Update.com. Update the auction_vs virtual server by selecting the secure_profile HTTP class profile.20. Open a new Web browser window and access https://10. Verify that the auction Web site displays. 2. 1.20. Question: a) What Web site displayed in the browser? _______________________________ 9. In the Redirect to Location box. Close the Web browser. 3. Close the Web browser window. 1. select Redirect to… 6. 4. Click Update. 14.F5 Virtual Environment Hands-On Exercise Guide – Exercise 1 – Enable ASM Protection d) Was this access to the Web site protected by ASM? _______________ 13. Clear the Custom check boxes for both Hosts and Send To (be sure to leave the check box for Application Security selected. Close the Web browser.) 15. 16. Create an archive file named archive_After_5A. .  This exercise builds on the previous exercise. Click Next. Access and log into your BIG-IP system. Select Configure Security Policy. In the Application-Ready Security Policy list box. Access the Application Security > Security Policies > Policies List > Active Policies page. 6. select Rapid Deployment security policy. select Unicode (utf-8). On the Configure Attack Signatures page. therefore you must complete the previous exercise prior to starting this exercise. 4. 1. On the Configure Security Policy Properties page. from the Available Systems list box. move to following to the Assigned Systems list box. and then apply the updated policy.F5 Virtual Environment Hands-On Exercise Guide – Exercise 2 – Updating and Applying a Security Policy EXERCISE 2 – UPDATING AND APPLYING A SECURITY POLICY Your customer has installed ASM and needs to begin configuring a security policy to prevent malicious activity. o Operating Systems > Unix/Linux o Web Servers > Apache and Apache Tomcat o Languages. 3. 2.  Estimated completion time: 10 minutes TASK 1 – Configure the Security Policy using Rapid Deployment Update the security policy that ASM created in the previous lab using the Rapid Deployment security policy. Frameworks and Applications > PHP o Database Servers > MySQL . Click Next. in the Application Language list box. 8. 9. 7. 5. Select the Create a policy manually or use templates (advanced) option. From the Logging Profile list.F5 Virtual Environment Hands-On Exercise Guide – Exercise 2 – Updating and Applying a Security Policy 10. 15. Leave Signature Staging enabled and click Next. 11. Open a new Web browser window and access https://10. Select All Requests. 2. 12. 1. select Log all requests. 4. View the last five most recent items in the Last created auctions list. The new policy is placed in Transparent mode.110.20. 3. TASK 2 – Verify That Requests are Passing Through ASM Use the Reporting page in ASM to verify that requests for the auction Web site are passing through ASM. Click Finish. . Click OK. 14. 13.10. Click Apply Policy. Click Save. Access the Application Security > Reporting > Requests page. 6. 9. Illegal. 11. Select the Edit data link in the Logged in section on the right-side of the page. 8. or Blocked? ____________________ d) Are requests for .110/comment.txt pages Legal. Go to the home page.10.F5 Virtual Environment Hands-On Exercise Guide – Exercise 2 – Updating and Applying a Security Policy 5. click Go. Questions: c) Are requests for most . 10. In the User login section. On the Reporting > Requests page.txt. Edit the URL to https://10. step 3. login using the username and password you created in Exercise 5A. or Blocked? ____________________ . 12. Questions: a) What value is in the Address field? ________________________ b) Why is this value displaying? ________________________________________________ 7. task 2. Illegal. Close the auction Web site browser window. and then buy the Canon Digital Camera.20. Click Logout.php pages Legal. Verify that requests for several files are displayed. Select Do not use vendor-supplied defaults for system passwords and other security parameters. 4. Access the Application Security > Reporting > PCI Compliance page. 14. Select Data Guard: Information leakage detected. Select the buy2. Close the PDF report and the configuration utility Web browser.txt pages being blocked through ASM? _____________ _________________________________________________________________ 13. 17. Question: a) Which requirements are automatically compliant using the Rapid Deployment policy? ______________________________________________________________________ 2. Close the View Full Request Information window. 5. Select all of the items in the Requests List. 19. 20. Close the View Full Request Information window. Select the edit_data. Question: b) Why is this entry not yet in compliance? _______________________________________ 3. Click Printable Version.php link. 16. Question: g) What caused this illegal entry? ___________________________________ 18. TASK 3 – View the PCI Compliance Report Use the PCI Compliance report to determine where the Web application is missing required security for compliancy.php link. 1. View the PDF report. and then click Clear All. Select Data Guard: Information leakage detected. Create an archive file named archive_After_5B. Question: f) What caused this illegal entry? ___________________________________ 15. .F5 Virtual Environment Hands-On Exercise Guide – Exercise 2 – Updating and Applying a Security Policy e) Why aren’t requests for . Place the policy in Blocking mode. In the Access Violations section. Select the Blocking > Settings page. 7. TASK 1 – Configure a Security Policy to Learn About File Types Update the Web application’s security policy that to learn about potential illegal file types. There are no learned entries other than the Data Guard information leakage detected entries.F5 Virtual Environment Hands-On Exercise Guide – Exercise 3 – Tightening a Security Policy EXERCISE 3 – TIGHTENING A SECURITY POLICY Your customer would like to use ASM to only allowed access to authorized pages. 1. Edit the secure_profile security policy. note that the Block check box is currently grayed out. in the Illegal file type row. . Alarm. therefore you must complete the previous exercise prior to starting this exercise. 2.  This exercise builds on the previous exercise. 5. select the Learn. and gif files. 3. and Block check boxes. 4. based on the file type. Access and log into your BIG-IP system. Access the Application Security > Policy Building > Manual > Traffic Learning page. In the Illegal file type row. The auction Web site only needs to support access to php. Question: a) Why can’t you enable the Block option? ________________________________ _________________________________________________________________ 6.  Estimated completion time: 20 minutes. however the check box remains selected. Notice that the Block option for Illegal file types is once again grayed out. Access the Application Security > File Types > Allowed File Types page. 2. Click Save.F5 Virtual Environment Hands-On Exercise Guide – Exercise 3 – Tightening a Security Policy 8. Question: b) Why were these options already set? __________________________________ _________________________________________________________________ 9. 10. 5. 3. Select the Perform Tightening check box. TASK 2 – Enable Tightening for File Types Configure ASM to perform tightening for the secure_profile security policy for file types. Click Save. Apply the updated policy. In the Allowed File Types List section. Note that in the Negative Security Violations section. select the * link. 11. Click Update. . 1. Place the policy back in Transparent mode. 4. Data Guard: Information leakage detected is already set to both Learn and Alarm. In the User login section.F5 Virtual Environment Hands-On Exercise Guide – Exercise 3 – Tightening a Security Policy TASK 3 – Generate Entries for the Security Policy Access the Web site to generate learning suggestions for the security policy. </script> Auction starts with $10 Country United States of America Zip Code 98119 Payment methods MasterCard or Visa Choose a category Arts & Antiques 5. Click the Your control panel link in the Logged in section. Click Go.20. 6. Click on the Home link. Edit the URL to https://10.110/comment. 2. Click Logout. View the last five most recent items in the Last created auctions list. Click Submit Query. . enter your Password.10. Log into the Web site. 3.20. Edit the end of the URI to read: ?nick=bobsmith. 4.110. Close the Web browser. Sell an item using the following information: Item title Item description Another bad item <script> alert ("Don’t use this site . 9. 11.go to http://mysite. 1. Open a new Web browser window and access https://10. 8. When prompted. 15. Click Logout.com"). and click Submit Query again.txt. in the Username field type: ' or 1=1# 12. 16. 14. 13. and then click the Your control panel link in the Logged in section. 10. 7. Edit the end of the URI to read: ?nick=*.10. Select the check boxes for the gif. Questions: a) Which URLs are vulnerable for SQL injection? _______________________________ 4. Select the HTTP Request tab. jpg. 7. 1. no_ext. click OK (NOTE: Do not move txt files to ignored entities). 3. 8. Select the check box for the txt file type. Return to the Manual Traffic Learning page. Access the Application Security > Policy Building > Manual > Traffic Learning page. Select the Attack signature detected link. Select the Illegal file type link. In the Confirm Delete window. 2.php link. and why? _________________________________________________________________ 9. 11. . Select the login. This will allow these file types for this policy. and php file types. and then click Accept. and then click Clear. Questions: c) Why is there an entry for no_ext? ____________________________________ ________________________________________________________________ d) Should we allow or block access to pages without an extension. Questions: b) Which parameter needs to be protected against SQL injection? ___________________ 6. 5.F5 Virtual Environment Hands-On Exercise Guide – Exercise 3 – Tightening a Security Policy TASK 4 – Fine Tune the Security Policy Select the file types that are allowed for the Web site and accept them into the security policy. Close the View Full Request Information window. Select the Recent Incidents link for the SQL-INJ entry. 10. 15.txt files Legal. Access the Application Security > File Types > Allowed File Types page. and then click Enforce. Select links to navigate through the auction Web site. and then click Delete. This removes these entries from staging.txt. Apply the updated policy. jpg. and php checkboxes. Select the gif. 18.php file types.110/comment. Edit the URL to https://10. Select the Illegal file type link. however the other types are no longer considered illegal file types.20. 16. select the * check box. or Blocked? ____________________ h) What do you need to configure in ASM to block access to . The security policy has been updated to allow requests for gif. Close the Web browser. Illegal.txt page? _________________________ f) Why is ASM still allowing access to txt file types? _______________________ _________________________________________________________________ 19.txt files? _______________________________________________________________ . Questions: e) Were you able to access the comment. jpg. In the Allowed File Types List section.10. Questions: g) Are requests for . Traffic learning still suggests the txt file type. Access the Application Security > Reporting > Requests page.10.20. no_ext.F5 Virtual Environment Hands-On Exercise Guide – Exercise 3 – Tightening a Security Policy 12. Open a new Web browser window and access https://10. as they have already been added to the policy. and . 22. 13. 21.110. 14. 17. 20. in addition to requests with no extension. Access the Traffic Learning page. 6.110/comment. 1.txt file types on this Web site. Change the Enforcement Mode to Blocking. 4.10. 7. 2. Illegal.20.txt.20. edit the security policy so that the error message displayed when accessing . or Blocked? ________________________ 8. Open a new Web browser window and access https://10. Create an archive file named archive_After_5C. TASK 6 – If Time Permits If you have extra time. Click Save. Questions: a) Were you able to access the comment.F5 Virtual Environment Hands-On Exercise Guide – Exercise 3 – Tightening a Security Policy TASK 5 – Modify the Security Policy’s Enforcement Mode Modify the security policy. currently configured in Transparent mode. Your support ID is: (the support ID variable)” .txt page? _________________________ b) Are requests for .txt file types reads “For security purposes. Close the Web browser. and then apply the updated policy.110. to Blocking mode. 5. Access the Application Security > Reporting > Requests page. Edit the URL to https://10.10.txt files Legal. you are not allowed to access . Edit the secure_profile security policy. 3. On the Configure Attack Signatures page. select Comprehensive. Access and log into your BIG-IP system.  This exercise builds on the previous exercise. Frameworks and Applications > PHP o Database Servers > MySQL 9. and then click Next. 10. then click Run Deployment Wizard.F5 Virtual Environment Hands-On Exercise Guide – Exercise 4 – Using Automatic Policy Building EXERCISE 4 – USING AUTOMATIC POLICY BUILDING You would like to experiment with methods to save your customer time when building a security policy for the auction Web site. from the Available Systems list box. and then click Next. 4. For the policy_builder_profile policy. From the Policy Type list. Ensure that policy_builder_profile is above secure_profile. 3. o Operating Systems > Unix/Linux o Web Servers > Apache and Apache Tomcat o Languages. Access the Active Policies page. select Configure Security Policy. Click Next. 6. Create a new HTTP Class profile named policy_builder_profile with Application Security Enabled. 5. TASK 1 – Create a New Security Policy Using Automatic Policy Building You will create a new security policy for the Web application using Automatic Policy Building. 7. From the Security Policy Language list box. 8. 2. Associate the new HTTP Class profile with the auction_vs virtual server. then select the policy_builder_profile [v1]. 1.  Estimated completion time: 20 minutes. click Cancel. then click Reconfigure. select Unicode (utf-8). move to following to the Assigned Systems list box. →NOTE: If you get an error message that the Deployment Wizard is already running. therefore you must complete the previous exercise prior to starting this exercise. Leave the Create a policy automatically (recommended) option selected. . View the last six most recent items in the Last created auctions list. The Policy Building: Automatic: Status page displays. step 3. 15. Slide the Policy Builder learning speed control to Fast. 12. From the Trusted IP Addresses list. login using the username and password you created in Exercise 5A. In the Netmask box. In the IP Address box. select Address List. 5. Click Next. Open a new Web browser window and access https://10. Click Finish.110.F5 Virtual Environment Hands-On Exercise Guide – Exercise 4 – Using Automatic Policy Building 11. . 17. Apply the new policy. and then click Add. TASK 2 – Create Learning Suggestions for Automatic Policy Building Generate learning suggestions for automatic policy building for the Web application. enter 255. 14.10. 1. 4.255.255. 13.10.255.20. In the User login section.20. task 2. 2. Note that this changes the chances to adding false positives to the policy to High. enter 10. 3. Click the Your control panel link in the Logged in section.1. This places the policy in blocking mode. Edit the end of the URI to read: ?nick=bobsmith. 16. 14. 7.20. 15. and cookies. In the Detail section. Multiple parameters are currently in staging. Click Logout. 11. In the User login section. 13. jpg. . Select Parameters > Staging.10. 12. Click Go. Edit the URL to https://10. 16. Access the Application Security > Policy Building >Automatic > Configuration page. in the Username field type: ' or 1=1# 9. URLs. 8. Edit the end of the URI to read: ?nick=*. no_ext.txt. The log includes an entry for each event or action that the Policy Builder makes to the policy. and php entries. the policy builder begins learning file types. For the gif. click the corresponding Enforce button. Close the Web browser.F5 Virtual Environment Hands-On Exercise Guide – Exercise 4 – Using Automatic Policy Building 6. After several seconds. Question: a) Why are you now able to access txt file types? _______________________ _____________________________________________________________ b) Is Data Guard currently enabled? _________________ The policy builder begins to analyze the traffic. parameters. Access the Application Security > Policy Building > Automatic > Log page.110/comment. select File Types > Staging. Disable Signature Staging.110. 3. 1. Click Save. and then apply the updated policy. →NOTE: If there are any other entries on this page. 4. Open a new Web browser window and access https://10. 10. click OK. and then click Add.10.php in the text field. step 3. 9. Select the Application Security > Attack Signatures > Attack Signatures Configuration page. login using the username and password you created in Exercise 5A. and then apply the updated policy. and then click Update. 4. Delete the txt file type entry. 3. and then click Add. Questions: a) Is there another entry that should be deleted? _______________________ b) Why was the txt file type added to the policy? __________________________ _________________________________________________________________ 2. TASK 3 – View and Update the Security Policy Reset the Web application by selecting the security policy that you created in the previous labs. and then click Update. In the User login section. Click the Your control panel link in the Logged in section. select Dynamic content value. Edit the end of the URI to read: ?nick=bobsmith. task 2. In the Message from webpage dialog box. 2. TASK 4 – Test the Updated Policy Access the Auction Web site and make attempts that violate the policy. Select the File Types checkbox. 6.F5 Virtual Environment Hands-On Exercise Guide – Exercise 4 – Using Automatic Policy Building 17. 1. 13. and then delete the wildcard entry. View the Parameters List page. delete them as well. 8. 7. . Select the nick parameter entry. Select the URLs checkbox. and then click the Enforce button. Click Create. View the Allowed File Types page. Select the checkboxes for the nick and username entries. Click Save. 12. and then delete the wildcard entry. then select HTTP from the list box. From the Parameter Value Type list box. Disable the Real Traffic Policy Builder. then select php from the list box. 5. 18.20. 11. then enter index. and then apply the updated policy. . in the Username field type: ' or 1=1# 12. </script> Auction starts with $10 Country United States of America Zip Code 98119 Payment methods MasterCard or Visa 8.txt files)? ______________ b) Is the Web site protected against data leakage? _______________ c) Is the Web site protected against cross-site scripting? _______________ d) Is the Web site protected against SQL injection? _________________ e) Is the Web site protected against parameter tampering? ________________ 15.10. Click Logout. 10. Access the Application Security > Data Guard page. In the User login section. 11.F5 Virtual Environment Hands-On Exercise Guide – Exercise 4 – Using Automatic Policy Building 5. Close the Web browser. and ensure that you mask data being sent back to users. Edit the URL to https://10. Questions: a) Is the Web site protected against unacceptable file types (.110/comment. →NOTE: Ensure the current edited policy is policy_builder_profile. 14. 7. 17. 16.com"). Enable Data Guard for credit card numbers. Click the Back button.go to http://mysite. social security numbers.txt. 6. 9. Sell an item using the following information: Item title Item description Not this item <script> alert ("Don’t use this site . Click Save.20. Click Go. 13. Click Submit Query. Click the Back button. Select the Sell an item link. Click the Your control panel link in the Logged in section. 24. Open a new Web browser window and access https://10.20. step 3.10. Adjust the blocking settings so that data is indeed scrubbed. task 2. 22.110. Apply the policy and test again.F5 Virtual Environment Hands-On Exercise Guide – Exercise 4 – Using Automatic Policy Building 18. . but that the page itself isn’t blocked. 20. 23. Once the page displays with credit cards and social security numbers being scrubbed. In the User login section. create an archive file named archive_After_5D. Questions: f) What response did you receive? _______________________________________ g) Why did you receive this response? ______________________________________ ____________________________________________________________________ 21. 19. Close the Web browser. login using the username and password you created in Exercise 5A. select the Rec tab. and then click Record.F5 Virtual Environment Hands-On Exercise Guide – Exercise 5 – Protecting Against Web Scraping EXERCISE 5 – PROTECTING AGAINST WEB SCRAPING Your customer is concerned about malicious Web scraping attacks and would like to configure the policy on ASM to prevent potential attacks. 4. Click Stop. type 10.iim. 5. 2. In the iMacros pane. and then update the policy to learn and alarm about possible Web scraping attacks. 1. Ensure that the Current edited policy is policy_builder_profile.  This exercise builds on the previous exercise. Save the iMacro as webscraping_example. 6. therefore you must complete the previous exercise prior to starting this exercise.110. Access and log into your BIG-IP system. Access the Application Security > Anomaly Detection > Web Scraping page. Edit the Web Scraping Detection Configuration settings as follows: Grace Interval 5 requests Unsafe Interval 10 requests Safe Interval 20 requests 6. 7.  Estimated completion time: 15 minutes TASK 1 – Use iMacros to Record and Play a Lengthy Visit to the Auction Web Site Use iMacros for Firefox to record and play back a series of requests to the auction Web site. Question: a) Is ASM protecting against potential Web scraping attacks? ________________ TASK 2 – Configure Web Scraping Detection and Protection Configure ASM to detect and protect against potential Web scraping attacks. In the Max box. 3. however don’t log in or purchase an item). 1. select the Play tab. Select webscraping_example. In the iMacros pane. at least 20 clicks.20. . Open Mozilla Firefox and access https://10.10. Click Save. 5. 8. and then click Play (Loop). Select the Enable Web Scraping Detection check box. 2. 3. 4. Select links to navigate through the auction Web site (be sure to record a lengthy visit to the Web site. or Blocked? _____________________ TASK 3 – Update the Policy to Block Web Scraping Update the policy to block detected Web scraping attacks. 1. 2. Once the archive is complete. 8. 9. and then apply the updated policy. Click Save. restore using the archive_After_1D archive file. Alarm. Click Save. Create an archive file named archive_After_5E. 1. Use Firefox to play the webscraping_example macro 10 times. Note that all occurrences came from your client IP address. Edit the policy_builder_profile blocking settings to block detected Web scraping. Verify that the blocking settings for the policy_builder_profile policy for Web scraping detected include Learn and. and then apply the updated policy. Questions: a) How many total entries were reported to ASM? ________________ b) Why didn’t ASM block this user after detecting Web scraping? _________________________________________________________________ 12. 11. 3. TASK 4 – Resetting the BIG-IP Reset the BIG-IP system by restoring your archive file. Select the Reporting > Requests page. Questions: a) Was the Web scraping attack successful? ________________ 4. Use Firefox to play the webscraping_example. Select the Web scraping detected link. 2. 10. Illegal. In the BIG-IP configuration utility. access the Traffic Learning page. . Question: c) Are recent requests for pages Legal. Close Firefox.iim macro 10 times.F5 Virtual Environment Hands-On Exercise Guide – Exercise 5 – Protecting Against Web Scraping 7.
Copyright © 2024 DOKUMEN.SITE Inc.