Forum Discussion

Amit585731
Mar 12, 2019




We are comparing ASM with FortiWeb and SecureSphere and wanted to understand whether ASM or AWAF can support anti-defacement. I couldn't find any article on F5.


Thank you for your help.


5 Replies

  • Defacement attacks are usually executed by exploiting either Cross-Site Scripting (XSS) or Remote Code Execution (RCE) attacks - both can be detected and blocked by ASM. In other words, in order to deface a website the hackers first have to exploit a vulnerability, hack into your web application / web server, and replace the website contents in the CMS or upload and change files on the web server.


    FortiWeb offers a specific anti-defacement service by monitoring the contents of the website - this is not really practical for many modern web applications, as the website content changes all the time. However, in ASM you can use Data Guard to monitor data leakage for specific keywords to achieve extra monitoring and blocking for defacement (provided hackers manage to break into your website protected by F5 ASM WAF).


  • Hi Samstep,


    Basically, their Anti Web Defacement prevents all changes from web servers, whether they are from a trusted (developers) or untrusted source. If someone changes it, FortiWeb has a backup of all files in the folder it is protecting and restores it to the original state. If a developer needs to change or update the web server, FortiWeb can allow changes for a specific timeframe and block them again when it expires.


    I believe F5 doesn’t have this kind of feature, but I think we should focus on what the Anti Web Defacement of FortiWeb resolves and what the equivalent process on F5 is to achieve the same goal. Can you suggest what our approach on this can be?
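The baseline, restore and change-window behaviour described in the post above, as an added example that is not part of the thread and is not FortiWeb's or F5's implementation. The function names `snapshot` and `enforce`, the `window` parameter and the sample site are assumptions constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def _digest(path):
    return hashlib.sha384(path.read_bytes()).hexdigest()

def _files(root):
    return {p.relative_to(root).as_posix(): p for p in Path(root).rglob("*") if p.is_file()}

def snapshot(webroot, backup):
    """Copy webroot to backup and return {relative path: SHA-384} as the baseline."""
    shutil.rmtree(backup, ignore_errors=True)
    shutil.copytree(webroot, backup)
    return {rel: _digest(p) for rel, p in _files(webroot).items()}

def enforce(webroot, backup, baseline, now, window=None):
    """Undo drift from the baseline unless `now` is inside the approved (start, end) window."""
    current = {rel: _digest(p) for rel, p in _files(webroot).items()}
    findings = sorted(
        [("modified", r) for r in baseline if r in current and current[r] != baseline[r]]
        + [("deleted", r) for r in baseline if r not in current]
        + [("added", r) for r in current if r not in baseline])
    if window and window[0] <= now < window[1]:
        # Approved change window: accept the new content as the baseline.
        return findings, snapshot(webroot, backup)
    for kind, rel in findings:
        target = Path(webroot) / rel
        if kind == "added":
            target.unlink()  # file that was never part of the protected set
        else:
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(Path(backup) / rel, target)  # restore original content
    return findings, baseline

def demo():
    """Constructed sample site in a temp dir: tamper, restore, then an approved edit."""
    tmp = Path(tempfile.mkdtemp())
    web, bak = tmp / "www", tmp / "bak"
    web.mkdir()
    (web / "index.html").write_text("<h1>Welcome</h1>")
    base = snapshot(web, bak)
    (web / "index.html").write_text("<h1>defaced</h1>")
    (web / "x.php").write_text("unexpected")
    found, base = enforce(web, bak, base, now=100)
    restored = (web / "index.html").read_text()
    (web / "index.html").write_text("<h1>Welcome v2</h1>")
    _, base = enforce(web, bak, base, now=250, window=(200, 300))
    return found, restored, (web / "x.php").exists(), base == {"index.html": _digest(web / "index.html")}
```

The backup and baseline need to live where the web server account cannot write, otherwise whoever changes the site can change the reference copy too.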


  • Akhtar



    You may get the hash of each individual landing page and apply an iRule, something like the following, to see if the page in the response has the same hash before sending it over to the client.



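    # HASH: data group holding the Base64-encoded SHA-384 hash of each original page
    when HTTP_RESPONSE { HTTP::collect [HTTP::header Content-Length] }
    when HTTP_RESPONSE_DATA {
        # hash the collected response body and look it up in the HASH data group
        if { [class match [b64encode [CRYPTO::hash -alg sha384 [HTTP::payload]]] equals HASH] } {
            # body matches a stored hash of the original page
        }
        HTTP::release
    }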










    • Tai_PhamMinh


      I see this solution is not the same as the anti-defacement feature on FortiWeb.

      You can research on this link: Anti-defacement (

      If we use the HASH, this only protects the web page when it is sent to the client. But this feature protects web page content on the server.


      • Nikoolayy1

        Definitely it has to be tested whether this feature works, as most advanced features on Forti products are just there to look cool but have bugs that may never be resolved.