101 · Question #159
When we have a * wildcard entity configured in the File Type section with tightening enabled, the following may occur when requests are passed through the policy. Which is the most accurate statement?
The correct answer is B. File type violations will be triggered and learning will be available based on these violations.. With a wildcard file type entity and tightening enabled, requests are allowed through but violations are still raised and used to generate learning suggestions for policy tightening.
Question
When we have a * wildcard entity configured in the File Type section with tightening enabled, the following may occur when requests are passed through the policy. Which is the most accurate statement?
Options
- AFile type violations will not be triggered.
- BFile type violations will be triggered and learning will be available based on these violations.
- CFile type entities will automatically be added to the policy (policy will tighten).
- DFile type violations will not be triggered and the entity learning section will be populated with file
How the community answered
(41 responses)- A17% (7)
- B73% (30)
- C2% (1)
- D7% (3)
Why each option
With a wildcard file type entity and tightening enabled, requests are allowed through but violations are still raised and used to generate learning suggestions for policy tightening.
Violations are still triggered with a wildcard and tightening enabled because the tightening mechanism relies on violations to identify file types that are candidates for explicit policy inclusion.
A wildcard (*) entry in the File Type section permits requests with any file extension to pass without being blocked, but when tightening is enabled the ASM system still generates violations for file types not explicitly defined. These violations populate the learning suggestions, allowing an administrator to review observed file types and selectively add them to the policy, progressively tightening it over time.
File type entities are not automatically added to the policy; an administrator must review and manually accept learning suggestions before any entity is added.
Violations are actively triggered when tightening is enabled - the wildcard prevents blocking but does not suppress violation logging or learning population.
Concept tested: ASM wildcard entity tightening and file type learning
Source: https://techdocs.f5.com/en-us/bigip-16-1-0/big-ip-asm-implementations/about-learning.html
Topics
Community Discussion
No community discussion yet for this question.