- Configuration environment
- AWS - NAP BM
- F5 ASM Version - 15.1.4
- F5 ASM Signature Name - OB Default Signature
- F5 ASM Signature Export
Signature Converter
- Modified JSON policy ( -keep-full-configuration )
- Conversion that excludes the ASM policies / features that cannot be applied to NAP
```
[13:32:56 root@ip-10-10-10-10 /home/ec2-user]$ /opt/app_protect/bin/convert-policy -i /home/ec2-user/Common_base_template__2022-4-25_18-13-30__bigip.com.xml -o /home/ec2-user/ASM-15.1.4_Signature | jq
{
  "warnings": [
    "Default header '*-bin' cannot be deleted.",
    "Traffic Learning, Policy Building, and staging are unsupported",
    "/signature-settings/signatureStaging must be 'false' (was 'true').",
    "/csrf-urls/enforcementAction value 'verify-csrf-token' is unsupported.",
    "Element '/blocking-settings/web-services-securities' is unsupported.",
    "/blocking-settings/violations/name value 'VIOL_ASM_COOKIE_HIJACKING' is unsupported.",
    "/blocking-settings/violations/name value 'VIOL_GEOLOCATION' is unsupported.",
    "/blocking-settings/violations/name value 'VIOL_HOSTNAME_MISMATCH' is unsupported.",
    "/blocking-settings/violations/name value 'VIOL_WEBSOCKET_BAD_REQUEST' is unsupported.",
    "/blocking-settings/violations/name value 'VIOL_WEBSOCKET_BINARY_MESSAGE_LENGTH' is unsupported.",
    "/blocking-settings/violations/name value 'VIOL_WEBSOCKET_BINARY_MESSAGE_NOT_ALLOWED' is unsupported.",
    "/blocking-settings/violations/name value 'VIOL_WEBSOCKET_EXTENSION' is unsupported.",
    "/blocking-settings/violations/name value 'VIOL_WEBSOCKET_FRAMES_PER_MESSAGE_COUNT' is unsupported.",
    "/blocking-settings/violations/name value 'VIOL_WEBSOCKET_FRAME_LENGTH' is unsupported.",
    "/blocking-settings/violations/name value 'VIOL_WEBSOCKET_FRAME_MASKING' is unsupported.",
    "/blocking-settings/violations/name value 'VIOL_WEBSOCKET_FRAMING_PROTOCOL' is unsupported.",
    "/blocking-settings/violations/name value 'VIOL_WEBSOCKET_TEXT_MESSAGE_NOT_ALLOWED' is unsupported.",
    "/blocking-settings/violations/name value 'VIOL_WEBSOCKET_TEXT_NULL_VALUE' is unsupported.",
    "/blocking-settings/violations/name value 'VIOL_XML_SCHEMA' is unsupported.",
    "/blocking-settings/violations/name value 'VIOL_XML_WEB_SERVICES_SECURITY' is unsupported.",
    "/blocking-settings/http-protocols/description value 'Several Content-Length headers' is unsupported.",
    "/blocking-settings/http-protocols/description value 'CRLF characters before request start' is unsupported.",
    "/blocking-settings/http-protocols/description value 'Content length should be a positive number' is unsupported.",
    "/blocking-settings/http-protocols/description value 'Unparsable request content' is unsupported.",
    "/general/enableEventCorrelation must be 'false' (was 'true').",
    "Element '/websocket-urls' is unsupported.",
    "Element '/redirection-protection' is unsupported.",
    "Element '/gwt-profiles' is unsupported.",
    "/signature-sets/learn value true is unsupported",
    "/performStaging must be 'false' (was 'true')."
  ],
  "file_size": 18865,
  "filename": "/home/ec2-user/ASM-15.1.4_Signature",
  "completed_successfully": true
}
```
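Added example (not part of the original notes or of the F5/NGINX tooling): a Python triage of the `convert-policy` report shown above, grouping the warnings by which enforcement was dropped or forced off during conversion. The sample report is a trimmed copy of the output above; the function and group names are hypothetical, and the patterns cover only the warning shapes seen in that output.

```python
import json
import re

# Constructed sample: a trimmed copy of the convert-policy report shown above.
REPORT = json.loads(r"""
{
  "warnings": [
    "Traffic Learning, Policy Building, and staging are unsupported",
    "/signature-settings/signatureStaging must be 'false' (was 'true').",
    "/blocking-settings/violations/name value 'VIOL_GEOLOCATION' is unsupported.",
    "/blocking-settings/http-protocols/description value 'Several Content-Length headers' is unsupported.",
    "Element '/websocket-urls' is unsupported.",
    "/performStaging must be 'false' (was 'true')."
  ],
  "filename": "/home/ec2-user/ASM-15.1.4_Signature",
  "completed_successfully": true
}
""")

# Warning shapes seen in the report above; anything else lands in "other".
PATTERNS = {
    "dropped_violations": re.compile(r"^/blocking-settings/violations/name value '(.+)' is unsupported\.?$"),
    "dropped_http_checks": re.compile(r"^/blocking-settings/http-protocols/description value '(.+)' is unsupported\.?$"),
    "dropped_elements": re.compile(r"^Element '(.+)' is unsupported\.?$"),
    "forced_settings": re.compile(r"^(/\S+) must be '.+' \(was '.+'\)\.?$"),
}

def triage(report):
    """Group converter warnings by the kind of protection that changed."""
    groups = {name: [] for name in (*PATTERNS, "other")}
    for warning in report.get("warnings", []):
        for name, pattern in PATTERNS.items():
            match = pattern.match(warning)
            if match:
                groups[name].append(match.group(1))
                break
        else:  # no known shape matched: keep the full text for manual reading
            groups["other"].append(warning)
    return groups

def needs_review(report):
    """True when the conversion failed or dropped any enforcement."""
    groups = triage(report)
    dropped = groups["dropped_violations"] + groups["dropped_http_checks"] + groups["dropped_elements"]
    return not report.get("completed_successfully", False) or bool(dropped)

if __name__ == "__main__":
    print(json.dumps(triage(REPORT), indent=2))
    print("needs review:", needs_review(REPORT))
```
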
- Modified JSON policy ( --full-export )
- Conversion that includes the ASM policies / features that cannot be applied to NAP
- May cause problems when actually applied to a site
```
[13:33:56 root@ip-10-10-10-10 /home/ec2-user]$ /opt/app_protect/bin/convert-policy -i /home/ec2-user/Common_base_template__2022-4-25_18-13-30__bigip.com.xml -o /home/ec2-user/ASM-15.1.4_Signature_full --full-export | jq
{
  "warnings": [],
  "file_size": 262058,
  "filename": "/home/ec2-user/ASM-15.1.4_Signature_full",
  "completed_successfully": true
}
[13:35:04 root@ip-10-10-10-10 /home/ec2-user]$ vi ASM-15.1.4_Signature_full
```