cdjac0bsen
Nimbostratus
Feb 06, 2019
ASM protection against SSRF
Anyone have experience in virtually patching an application vulnerable to SSRF (server-side request forgery) protected by ASM? If so, how did you configure ASM policy? Whitelist all allowed URLs?
1 Reply
- samstep
Cirrocumulus
F5 ASM can provide SSRF protection in many ways including response signatures, parameter type enforcement and whitelisting.
First of all you should find out:
- which URLs of the application are vulnerable to SSRF
- what the successful SSRF attack URL looks like and what is the 'good usage' URL
I assume you can get this from the pen-test report. Once you have this information it will become clearer what ASM policy changes you need to protect the application.
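The allowlisting idea raised in this thread, written out as an added example that is not part of the original posts and is not ASM configuration: Python logic that accepts a URL-valued parameter only when it matches the "good usage" pattern. The hostnames, ports and function name are constructed assumptions standing in for what a pen-test report would supply.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allowlist: the "good usage" destinations for the URL parameter.
ALLOWED_SCHEMES = {"https"}
ALLOWED_HOSTS = {"images.example.com", "cdn.example.com"}
ALLOWED_PORTS = {None, 443}  # None means no explicit port in the URL


def check_url_param(value):
    """Return (allowed, reason) for a user-supplied URL parameter value."""
    try:
        parts = urlsplit(value.strip())
        port = parts.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError:
        return False, "malformed URL"

    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"

    # "https://allowed-host@other-host/" is fetched from other-host, so any
    # userinfo component is rejected rather than parsed around.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo not allowed"

    # hostname is already lower-cased; drop a trailing dot before comparing.
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "missing host"

    # The allowlist holds names only, so an IP literal is refused with its own
    # reason, which makes these requests easy to pick out in logs.
    try:
        ipaddress.ip_address(host)
        return False, "IP literal not allowed"
    except ValueError:
        pass

    # Exact match only: suffix or substring matching would let
    # "images.example.com.other.example" through.
    if host not in ALLOWED_HOSTS:
        return False, "host not on allowlist"
    if port not in ALLOWED_PORTS:
        return False, "port not allowed"
    return True, "ok"
```

The check compares the parsed host, not the raw string, and it does not cover redirects or DNS answers that point an allowed name at an internal address; those have to be handled where the request is actually made.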