A10 WAF fine-tuning
ins007
Member ✭
Hi,
Is there any whitepapers, recommendation or detailed guide for A10 WAF fine-tuning?
From my current knowledge...compared with F5 ASM, there's no case id for each blocking
Also there's no easy/quick wizard for common webapp specs deployment (Language, OS, Database type etc)
So how you guys do about it? Turn all feature then check each blocked action while in passive mode?
Is there any whitepapers, recommendation or detailed guide for A10 WAF fine-tuning?
From my current knowledge...compared with F5 ASM, there's no case id for each blocking
Also there's no easy/quick wizard for common webapp specs deployment (Language, OS, Database type etc)
So how you guys do about it? Turn all feature then check each blocked action while in passive mode?
Tagged:
0
Comments
I have the same problem...did you found a solution?
Thanks in advance,
Laura
a white-paper to optimize it is not existing until now.
If you want to we can do a workshop for this topic.
To make it clear in front the A10 ACOS has no database to store every bad request. We are logging this in a single syslog server externaly.
Out of this syslog messages you see exactly in what topic and why this special request is blocked or will be blocked.
I do it on a linux syslog host and filter with different commands like uniq, sort and so. In this way it took me far less time to optimize the WAF from A10 then i did the optimization at the F5 boxes.
Let me know if i can support you on this topic.
CU hkohn!
I've checked around, even FortiWeb has case/incident id
I still believe still should be a de-facto standard, very difficult to fine-tune environment which has no dedicated syslog
The blocked user (end-user/website user) can't keep track since there's no reference number....it's not user 'friendly as per say...