Question
- What are the details that should be provided in the Technical Questionnaire?
- Download the questionnaire here: WAF Technical Questionnaire for WAF Setup
Environment
- Silverline WAF
- WAF policy
Answer
- Provide as many details as possible! Completing the questionnaire allows the F5 Silverline SOC to build a Positive Security Model, in which all the 'known' variables that are good/valid are defined up front and anything outside them is treated as suspect.
- The entities or configurations asked for in the questionnaire include:
| Entities/Configurations | Example(s) | Definition |
| --- | --- | --- |
| Application Encoding Type | UTF-8; ISO-8859-1 | Character encoding schemes used by the application. |
| Allowed HTTP Methods | GET; POST; HEAD | HTTP request methods indicate the action to be performed on a given resource. Only the methods the application actually uses should be listed. |
| Allowed Response Codes | 400; 404; 503 | HTTP response status codes indicate whether a specific HTTP request completed successfully. List the codes the application legitimately returns. |
| Disallowed/Acceptable File Types | Disallow: EXE, DLL; Acceptable: PHP, DOC, ASPX, etc. | File type extensions that you want to block, or that are used by the application. |
| URLs | Disallowed: /admin/restricted_access; Acceptable: /login, /example | A list of URLs that you want to block, or that are used by the application. |
| Parameters | Username, Password, etc. | A list of parameters used by the application. |
| Cookies | Jsession_id, _utm* (Google Analytics cookies), etc. | A list of cookies used by the application. |
| Redirection Protection | https://example.com (includes subdomains, so https://*.example.com is acceptable); https://www.anotherexample.com (does not include subdomains) | A list of locations/domains to which the application is permitted to serve 301/302 redirects. |
| Blocking Response Page | `<html><head><title>Request Rejected</title></head><body>The requested URL was rejected. Please consult with your administrator.<br><br>Your support ID is: <%TS.request.ID()%></body></html>` | The blocking page a user sees if their request is blocked by the WAF policy. |
| Geolocation Blocking | Disallow: Iran, Syria; Allow: US, CA | Block or allow IP addresses from specific countries from accessing the application. See also Q&A: How can I block traffic from country / countries for a specific proxy? |
| Allowlist IP | Allowlist: 192.168.1.1 | IP addresses or subnets that you want to allowlist. |
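To show how the questionnaire entities become a default-deny policy, here is an added illustration (not F5 Silverline code, and not how the SOC's policy engine is built) that evaluates requests and redirect targets against constructed sample values for the methods, file types, URLs and redirection-protection domains described above. The subdomain rule for redirects follows the table: a domain entered with subdomains included accepts any host under it, otherwise only the exact host matches.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit
import posixpath

@dataclass
class PositivePolicy:
    # 'Known good' entities from the questionnaire; the values below are constructed samples.
    allowed_methods: set = field(default_factory=set)
    allowed_file_types: set = field(default_factory=set)    # extensions, lower-case
    disallowed_file_types: set = field(default_factory=set)
    allowed_urls: set = field(default_factory=set)
    disallowed_urls: set = field(default_factory=set)
    redirect_domains: list = field(default_factory=list)    # (hostname, include_subdomains)

def _under(path, prefix):
    return path == prefix or path.startswith(prefix.rstrip("/") + "/")

def check_request(policy, method, path):
    """Return (allowed, reason); anything the policy does not know is rejected."""
    if method.upper() not in policy.allowed_methods:
        return False, "HTTP method not allowed"
    path = posixpath.normpath(path)          # /example/../admin/x is judged as /admin/x
    if any(_under(path, u) for u in policy.disallowed_urls):
        return False, "URL explicitly disallowed"
    last = path.rsplit("/", 1)[-1]
    ext = last.rsplit(".", 1)[1].lower() if "." in last else ""
    if ext in policy.disallowed_file_types:
        return False, f"file type .{ext} disallowed"
    if ext and ext not in policy.allowed_file_types:
        return False, f"file type .{ext} not in acceptable file types"
    if not any(_under(path, u) for u in policy.allowed_urls):
        return False, "URL not in acceptable URLs"
    return True, "ok"

def redirect_allowed(policy, location):
    """Validate a 301/302 Location header against the redirection-protection list."""
    host = (urlsplit(location).hostname or "").lower()
    if not host:
        return True                           # relative redirect stays on the application
    return any(host == d or (sub and host.endswith("." + d))
               for d, sub in policy.redirect_domains)

SAMPLE = PositivePolicy(                      # constructed from the table's example values
    allowed_methods={"GET", "POST", "HEAD"},
    allowed_file_types={"php", "doc", "aspx"},
    disallowed_file_types={"exe", "dll"},
    allowed_urls={"/login", "/example"},
    disallowed_urls={"/admin/restricted_access"},
    redirect_domains=[("example.com", True), ("www.anotherexample.com", False)],
)
```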