Forum Discussion
Amit585731
Nimbostratus
Nimbostratusanti-defacement
Hi,
We are comparing ASM with Fortiweb and Secure sphere and wanted to understand if ASM or AWAF can support anti defacement? I couldn't find any article on F5.
Thank You for help.
AkhtarNimbostratus
NimbostratusHi,
You may get hash of each individual landing pages and apply iRule something like following to see if the page in response has the same hash before sending it over to the client.
var HASH = hash of the original page
when HTTP_RESPONSE {
if {[class match [b64encode [CRYPTO::hash -alg sha384 [HTTP::header]]] equals HASH ]}
{
}
else
HTTP::collect
reject
}
Tai_PhamMinhNimbostratus
NimbostratusHello,
I see this solution not same with anti-defacement feature on FortiWeb.
You can research on this link: Anti-defacement (fortinet.com)
If we use the HASH, this case only protect web page when send it to the client. But this feature to protect web page content on the server.
Thanks,
- Nikoolayy1
MVP
Definitely it has to be tested if this feature works as most advanced features on forti products are just there to look cool but have bugs that may never be resolved.
