ASM blocking mallware

Question

Hello,&nbsp;
We would like to know if ASM can analyze the HTTP Header of a request and evaluate the following fields in order to identify potential unwanted traffic:&nbsp;
RefererX-Requested-With
The “Referer” field indicates the domain that sent the traffic to our site. We would like to block traffic coming from low reputation domains.&nbsp;
The “X-Requested-With” field indicates the mobile application package name that sent the traffic to our site. We would like to block traffic coming from applications that are known as infected.&nbsp;
is this is supported, can it be created via the policy-builder or via irule script?&nbsp;
thank you.&nbsp;

stanislas_piro2 · Answer

Hi,&nbsp;
With an irule, you can extract and manage both informations. but ASM doesn't use domain reputation and infected application database.&nbsp;
If you can provide both informations (static list) or an URL where BIGIP can download a list of domain and application to block, this can be done with an irule (and a scheduled icall script to download and fulfill datagroups of apps and domains)!&nbsp;

Forum Discussion

ASM blocking mallware

Recent Discussions

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Need Urgent BIGIP Trial License and VM Image

APM for banner and cert

How to Renew F5 Device Certificate

UCS backup not loading Big IP DNS pool

Related Content

Block IP after a number of ASM Blocks

Can't upload msg file - ASM block

ASM blocked page redirect

ASM block page for use with API waf policy

ASM/WAF rate limit and block clients by source ip (or device_id fingerprint) if there are too many violations

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS