Forum Discussion

Nimbostratus

Feb 06, 2019

ASM protection against SSRF

Anyone have experience in virtually patching an application vulnerable to SSRF (server-side request forgery) protected by ASM? If so, how did you configure ASM policy? Whitelist all allowed URLs? ...

ASM Advanced WAF

security

samstep

Cirrocumulus

Feb 08, 2019

F5 ASM can provide SSRF protection in many ways including response signatures, parameter type enforcement and whitelisting.

First of all you should find out:

which URLs of the application are vulnerable to SSRF
what the successful SSRF attack URL looks like and what is the 'good usage' URL

I assume you can get this from the pen-test report. Once you have this information it will become clearer what ASM policy changes you need to protect the application

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

ASM protection against SSRF

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

Managing iRules configuration

[ASM] : "Request length exceeds defined buffer size " - How to increase the limit ?

CPU load when Prometheus is scraping metrics from F5 BIG-IP LTM

Problem with sending BotDefense logs to remote server

ASM/AWAF declarative policy

Related Content

Embedding APM Protected Resources into Third-Party Sites

L7 DoS Protection with NGINX App Protect DoS

Runtime API Security: From Visibility to Enforced Protection

F5 API Security: Discovery and Protection

Cookie-based DDoS protection

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS