
Q&A: When is it recommended to use a wildcard setting over an explicit setting for an entity in a WAF policy?


Question

  • When is it recommended to use a wildcard setting over an explicit setting for an entity (URL, parameter, cookie, file types, and Redirection domains) in a WAF policy?
    • What's the difference?


Environment

  • Silverline WAF
  • WAF policy
    • Wildcard vs Explicit
      • URL, parameter, cookie, file types, and Redirection domains

Answer

Reference: https://support.f5.com/csp/article/K74535942

  • Wildcard entities
    • A wildcard is a pattern, or expression, used in entities to identify multiple HTTP attributes that you want to allow or disallow in requests to your application
    • In the WAF policy, two characters can be used to indicate a wildcard expression
      • asterisk (*) to indicate a wildcard expression that matches all characters in a request or response attribute
      • question mark (?) to match any single character
      • Examples:

          Entity type          Wildcard example   What it means in the WAF policy
          File type            *                  All file types
          URL                  /products/*        All files at the URL location
          Parameter            item*              All parameter names that begin with item, such as item1, item2, item45, etc.
          Parameter            item\[*\]          Parameter names of the form item[...]; the array brackets need to be escaped with a backslash
          Cookie               ASPSESSIONID*      All cookie names that begin with ASPSESSIONID
          Redirection domains  *.example.com      Redirection to any URL is allowed as long as the redirection domain includes "example.com"

  • Explicit entities
    • An explicit entity defines a specific instance of a type of entity, meaning that the WAF policy will attempt to match the pattern exactly as defined
      • Examples:

          Entity type                 Explicit example     What it means in the WAF policy
          File type                   EXE                  All URLs with a path that ends in an .exe file
          URL                         /login.jsp           The URL address for one file
          Parameter                   account              All parameters named account
          Cookie                      account_id           All cookies named account_id
          Redirect to another domain  maliciousdomain.com  A specific domain that appears in HTTP redirects that you want to allow

When is it recommended to use wildcard or explicit pattern matching on an entity?

  • Wildcard entities can be used to match multiple variations of a pattern
    • If there are multiple variations of the same URL, parameter, cookie, file type, and/or redirection domain, then Silverline recommends using a wildcard pattern.
      • Examples:
        • A "*password" parameter would match "newpassword", "oldpassword", etc.
        • Dynamically generated URLs would fall into this category: /api/session/aeaeue92424-adf32424/data would be turned into "/api/session/*/data"
  • Explicit entities are the most common
    • Explicit entities are useful for static entities that do not change and have no other variations.
      • Example:
        • A "username" parameter in the WAF policy would match the "username" parameter in the HTTP request and nothing else
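As an added illustration (not F5's code and not the Silverline matching engine), the following Python applies the wildcard rules described above (* for any run of characters, ? for exactly one character, backslash to escape array brackets) and the exact-match rule for explicit entities to the parameter names and URLs used as examples in this article. The sample policy, the function names and details such as case sensitivity are assumptions made for the example.

```python
import re

# Constructed example, not F5's implementation. Assumed semantics, taken
# from the article: '*' matches any run of characters, '?' matches exactly
# one character, and a backslash escapes the next character (needed for a
# literal '[' and ']' in array-style parameter names such as item\[*\]).
# Matching is assumed to be case-sensitive.

def wildcard_to_regex(pattern: str) -> re.Pattern:
    """Translate a WAF wildcard entity pattern into a compiled regex."""
    out = []
    i = 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):   # escaped literal character
            out.append(re.escape(pattern[i + 1]))
            i += 2
            continue
        if ch == "*":
            out.append(".*")                      # any run of characters
        elif ch == "?":
            out.append(".")                       # exactly one character
        else:
            out.append(re.escape(ch))             # everything else is literal
        i += 1
    return re.compile("".join(out))


def matches(entity: str, value: str, wildcard: bool) -> bool:
    """Explicit entities must equal the request attribute exactly; wildcard
    entities must match the whole attribute, not just a prefix or substring."""
    if not wildcard:
        return entity == value
    return wildcard_to_regex(entity).fullmatch(value) is not None


# Constructed sample policy: (entity, is_wildcard) per entity type.
POLICY = {
    "parameter": [("username", False), ("item\\[*\\]", True),
                  ("item*", True), ("*password", True)],
    "url": [("/login.jsp", False), ("/api/session/*/data", True)],
}


def matching_entities(kind: str, value: str) -> list[str]:
    """Return every policy entity of the given type that the value matches."""
    return [entity for entity, wc in POLICY[kind] if matches(entity, value, wc)]
```

Note that a request attribute can match more than one wildcard entity (item[3] matches both item\[*\] and item*), so overlapping patterns should be reviewed when a policy is tightened.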
