- What are the details that should be provided in the Technical Questionnaire?
- Download the questionnaire here: WAF Technical Questionnaire for WAF Setup
- Silverline WAF
- WAF policy
- Provide as many details as possible! Completing the questionnaire allows F5 Silverline SOC to build a Positive Security Model where we define all the 'known' variables that are good / valid.
- The entities or configurations asked for in the questionnaire include:
| Entities/Configurations | Example(s) | Definition |
|---|---|---|
| Application Encoding Type | | Character encoding schemes used by the application. |
| Allowed HTTP Methods | | HTTP defines a set of request methods to indicate the desired action to be performed for a given resource. |
| Allowed Response Codes | | HTTP response status codes indicate whether a specific HTTP request has been successfully completed. |
| Disallow/Acceptable File Types | Disallow: EXE, DLL. Acceptable: PHP, DOC, ASPX, etc. | File type extensions that you want to block or that are used by the application. |
| | Disallowed: /admin/restricted_acess. Acceptable URLs: /login, /example | A list of URL(s) that you want to block or that are used by the application. |
| Parameters | Username, Password, etc. | A list of parameter(s) used by the application. |
| Cookies | Jsession_id, _utm* (Google Analytics cookies), etc. | A list of cookie(s) used by the application. |
| Redirection Protection | | A list of locations/domains to which the application can serve 301/302 redirects. |
| Blocking Response Page | `<body>The requested URL was rejected. Please consult with your administrator.<br><br>Your support ID is: <%TS.request.ID()%>` | The blocking page that a user would see if their request were blocked by the WAF policy. |
| | Disallow: Iran, Syria. Allow: US, CA | Whether you want to block/allow IP addresses from specific countries from accessing the application. |
| | Allowlist: 192.168.1.1 | IP address(es) or subnets that you want to allowlist. |
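
To show how the questionnaire entries above combine into a positive security model, here is an added Python sketch (not F5 Silverline's implementation and not part of the original article) that evaluates a request against an allowlist policy. The file types, URLs and parameters reuse the article's examples; the HTTP methods and the redirect domain are assumptions made for illustration.

```python
import posixpath
from urllib.parse import urlsplit, parse_qsl

# Constructed policy: file types, URLs and parameters reuse the article's
# examples; the methods and redirect domain are assumptions for illustration.
POLICY = {
    "methods": {"GET", "POST"},
    "urls": {"/login", "/example"},
    "disallowed_urls": {"/admin/restricted_acess"},
    "disallowed_file_types": {"exe", "dll"},
    "parameters": {"username", "password"},
    "redirect_domains": {"www.example.com"},
}

def check_request(method, target, policy=POLICY):
    """Return a list of violations; an empty list means the request is allowed."""
    violations = []
    parts = urlsplit(target)
    # Normalise the path so "/example/../admin/..." cannot bypass the URL lists.
    path = posixpath.normpath(parts.path or "/")
    if method.upper() not in policy["methods"]:
        violations.append(f"method:{method}")
    ext = posixpath.splitext(path)[1].lstrip(".").lower()
    if ext in policy["disallowed_file_types"]:
        violations.append(f"file_type:{ext}")
    if path in policy["disallowed_urls"]:
        violations.append(f"disallowed_url:{path}")
    elif path not in policy["urls"]:
        # Positive model: anything not declared as known-good is flagged.
        violations.append(f"unknown_url:{path}")
    for name, _ in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() not in policy["parameters"]:
            violations.append(f"unknown_parameter:{name}")
    return violations

def check_redirect(status, location, policy=POLICY):
    """Allow 301/302 responses only to relative targets or allowlisted domains."""
    if status not in (301, 302):
        return True
    if "\\" in location:  # browsers treat "\" as "/", so "/\host" can leave the site
        return False
    host = urlsplit(location).hostname
    return host is None or host in policy["redirect_domains"]
```

The more complete the questionnaire, the fewer legitimate requests land in the `unknown_*` categories when a policy of this kind is enforced.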