Forum Discussion
dburnett_103851
Nimbostratus
Dec 10, 2008
9.4.5 upgrade and HTTP Protocol Compliance
We currently have F5 Big IPs within a 'live' website environment and a 'pre-live' environment.
We have recently upgraded our pre-live environment from 9.4.3 to 9.4.5.
All...
hoolio
Cirrostratus
Dec 10, 2008
I wouldn't want to say definitively yes or no, but I expect ASM should prevent these types of attacks using charset restrictions. If the attack depends on carriage return line feed characters in the URI or headers, these should be blocked by default character sets. The attack signatures might provide additional protection, but the charsets are what I'd count on for this scenario.
If you want a definitive answer, you (or a pen tester) could try a few of the response splitting attacks with ASM in transparent mode. See if you can exploit the app and then check the ASM forensics to see if the attacks were marked as illegal.
If you have the means to do it, it's always ideal to have the app pen tested through ASM before putting a new app and policy in production.
Aaron
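The character-set idea from the reply above, as an added example that is not part of the original thread and is not how ASM implements its charsets: a check that flags carriage return or line feed in a request URI or header, raw or hidden under layers of percent-encoding. The function names, the decode-pass limit and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

CRLF = re.compile(r"[\r\n]")
MAX_DECODE_PASSES = 3  # assumption: follow at most three layers of percent-encoding


def find_crlf(value):
    """Return the decode pass (0 = raw) at which CR or LF first appears, else None."""
    current = value
    for depth in range(MAX_DECODE_PASSES + 1):
        if CRLF.search(current):
            return depth
        decoded = unquote(current, encoding="latin-1")
        if decoded == current:  # nothing left to decode
            return None
        current = decoded
    return None


def check_request(uri, headers):
    """Return (location, decode_pass) for each URI or header field carrying CR/LF."""
    findings = []
    depth = find_crlf(uri)
    if depth is not None:
        findings.append(("uri", depth))
    for name, value in headers.items():
        depth = find_crlf(value)
        if depth is not None:
            findings.append((f"header:{name}", depth))
    return findings


# Constructed sample requests (not taken from the thread).
SAMPLES = [
    ("/index.jsp?lang=en", {"Host": "app.example", "Cookie": "sid=abc"}),
    ("/redirect?to=/home%0d%0aX-Test:1", {"Host": "app.example"}),
    ("/redirect?to=/home%250d%250aX-Test:1", {"Host": "app.example"}),
    ("/index.jsp", {"Host": "app.example", "Referer": "http://app.example/\r\nX-Test: 1"}),
]

if __name__ == "__main__":
    for uri, headers in SAMPLES:
        print(uri, "->", check_request(uri, headers) or "clean")
```

The decode pass in each finding shows whether the character arrived raw, singly encoded or doubly encoded, which is useful when comparing against what the forensics view marked as illegal.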
