Lab 2.1 - Prepping the Lab ======================================================================= By default, security events are not logged, in this lab the student will create a security logging profile with Application Security, Bot Defense and DOS Protection enabled. The student will also place the waf policy in trasnparent to show the difference in behavior when client traffic that is deemed malicious is and is not blocked. Task 1 - Add Vulnerable API ------------------------------ 1. From the web browser, navigate to API Protection >> Profile. Click **Profile** to modify the previously created API protection Profile (not the + Plus symbol) |image48| 2. Click **API-Protection** |image64| 3. Click **Edit** Under Per-Request Policy |image49| 4. Click the **+ (Plus Symbol)** located between Start and OAuth Scope Check AuthZ |image101| 5. Select the **Classification** tab 6. Select **Request Classification** 7. Click **Add Item** |image102| 8. Select **Branch Rules** 9. Click **Add Branch Rule** 10. Enter name ** GET /vulnerable** 11. Click **Change** |image103| 12. Click **Add Expression** |image104| 13. Select **Request** from the Context dropdown 14. Click **Add Expression** |image105| 15. Click **Add Expression** on the AND line |image106| 16. Select **Path (value)** from the Request dropdown 17. Enter **/vulnerable** in the empty text box 18. Click **Add Expression** |image107| 19. Click **Finished** |image108| 20. Click **Save** |image109| 21. Click the **+ Plus Symbol** on the GET /vulnerable branch |image110| 22. Click **API Server Selection** 23. Click **Add Item** |image111| 24. Select **api-protection_server1** from the dropdown 25. Click **Save** |image112| 26. Click the **Reject** terminal at the end of API Server Selection |image113| 27. Select **Allow** 28. Click **Save** |image114| 29. The completed policy should look like the below. |image115| Task 2 - Create and assign a Security Logging Profile to the virtual ------------------------------------------------------------------------- .. note :: Ensure you are logged into BIGIP1 1. From the web browser, click on the **Security -> Event Logs -> Logging Profile** and click **Create**. 2. For the Profile Name enter **api.acme.com_logprofile**. |module2Lab1Task2-image1| 3. Enable **Application Security** a Application Security configuration menu will open up at the bottom. Change the Request Type from Illegal requests only to **All requests**. |module2Lab1Task2-image2| 4. Enable **DoS Protection**, a DoS Protection configuration menu will open up at the bottom. Enable **Local Publisher** |module2Lab1Task2-image3| 5. Enable **Bot Defense**, a Bot Defense configuration menu will open up at the bottom. Enable **Local Publisher** and all other checkboxes, leave Remote Publisher set to none. |module2Lab1Task2-image4| 6. Click **Create** 7. Apply the bot profile to the api.acme.com virtual by navigating to **Local Traffic -> Virtual Servers -> api.acme.com -> Security -> Policies** and set the Selected Log Profile to **api.acme.com_logprofile**. |module2Lab1Task2-image5| 8. Click **Update**. The virtual will now log Application Security, DoS and Bot related events under **Security -> Event Logs** when an appropriate security profiles have been applied to the virtual. Task 3 - Set the WAF policy to Transparent and assign it to the virtual ---------------------------------------------------------------------------- 1. From the web browser, click on the Security -> Application Security -> Security Policies -> Policies List. Click **api-protection**. Notice the Enforcement Mode is set to **Blocking**. Set the Enforcement Mode to **Transparent**. Be sure to click **Save**, then **Apply Policy**. |module2Lab1Task3-image1| 2. Apply the waf policy to the api.acme.com virtual by navigating to **Local Traffic -> Virtual Servers -> api.acme.com -> Security -> Policies** and set the Application Security Policy to enabled and the Policy to **api-protection**. |module2Lab1Task3-image2| 3. Click **Update**. .. |module2Lab1Task3-image2| image:: /_static/class1/module2/module2Lab1Task3-image2.png :width: 800 .. |module2Lab1Task3-image1| image:: /_static/class1/module2/module2Lab1Task3-image1.png :width: 800 .. |module2Lab1Task2-image5| image:: /_static/class1/module2/module2Lab1Task1-image5.png :width: 400px .. |module2Lab1Task2-image4| image:: /_static/class1/module2/module2Lab1Task1-image4.png :width: 400px .. |module2Lab1Task2-image3| image:: /_static/class1/module2/module2Lab1Task1-image3.png :width: 400px .. |module2Lab1Task2-image2| image:: /_static/class1/module2/module2Lab1Task1-image2.png :width: 800px .. |module2Lab1Task2-image1| image:: /_static/class1/module2/module2Lab1Task1-image1.png .. |image0| image:: /_static/class1/module2/image000.png .. |image48| image:: /_static/class1/module2/image048.png .. |image49| image:: /_static/class1/module2/image049.png .. |image64| image:: /_static/class1/module2/image064.png .. |image101| image:: /_static/class1/module2/image101.png :width: 800px .. |image102| image:: /_static/class1/module2/image102.png :width: 800px .. |image103| image:: /_static/class1/module2/image103.png .. |image104| image:: /_static/class1/module2/image104.png .. |image105| image:: /_static/class1/module2/image105.png .. |image106| image:: /_static/class1/module2/image106.png .. |image107| image:: /_static/class1/module2/image107.png .. |image108| image:: /_static/class1/module2/image108.png .. |image109| image:: /_static/class1/module2/image109.png .. |image110| image:: /_static/class1/module2/image110.png :width: 800px .. |image111| image:: /_static/class1/module2/image111.png .. |image112| image:: /_static/class1/module2/image112.png .. |image113| image:: /_static/class1/module2/image113.png :width: 1200px .. |image114| image:: /_static/class1/module2/image114.png .. |image115| image:: /_static/class1/module2/image115.png :width: 1200px