3rd party vulnerability scan

Question

Hi Experts,&nbsp;I'd like to get some help with another issue.&nbsp;We have this new 3rd party vendor that will be scanning the webservices hosted in LTM. The Big-IP also runs with ASM.We tested between 15 virtual servers and only 1 is able to scan successfully.&nbsp;Is there a setting that we need to perform on the Big-IP level to make the scan successfully work?Is there a setting at real server level that we also need to adjust?&nbsp;The virtual server by the way does port forwarding from port 443 to port 80 and there is certificate installed in F5 clientssl.&nbsp;Hoping someone can advise.&nbsp;Thank you in advance,

petewhite · Answer

What do you mean by "We tested between 15 virtual servers and only 1 is able to scan successfully". How does it fail? This does not sound like an F5 problem - can they get basic access to the service? Is ASM blocking the malicious traffic?

f5mkudefault · Answer

Hi Pete, sorry for late response. We actually tested again focused on 1 specific website and confirmed that the scanner is able to hit the main page of the website. However the scan will stop. Base from the ASM we see some events from scanner to VS hitting some page. It looks like the real server is the one causing some issues. Not too sure if its a permission issue. Any idea what we need to adjust on the real server end?

boneyard · Answer

the webservices work fine for users i assume?&nbsp;it sounds very much like a scanner issue, if you use it without F5 and or without ASM does it function fine? if not then talk with the scanner people and understand why it "stops".&nbsp;&nbsp;

f5mkudefault · Answer

yes, the webservices works fine for the users, this is what we keep mentioning to the vendor, also in ASM event logs we can see ASM is recommending to block but the response is not accepted. means F5 don't accept the recommendation since we have whitelisted the scanner IP address. With or without the ASM is just the same, we suspect its on the webserver (real server) maybe some permission gets denied since scanner can hit the main page but subpages cannot.

we'll update this thread once it gets resolve. thank yiou

Forum Discussion

3rd party vulnerability scan

4 Replies

Recent Discussions

BIG-IQ Dashboard

Client cert auth and TLS1.3

disable ciphers 1.0 and 1.1 on ssl client profile

Access azure app service using f5 LTM

Customer needs an LTM+DNS license. Would we recommend R2600 or R2800?

Related Content

OWASP Automated Threats - OAT-014 Vulnerability Scanning

Coordinated Vulnerability Disclosure: A Balanced Approach

Increased Security With First Party Cookies

Reviewing vulnerability scanner results for an Access Policy Manager (APM) protected Virtual Server

Advanced iRules: Scan