ASM TS challenge and caching

Question

F5 ASM 13.1.0 is placed behind a CDN.&nbsp;
TSPD challanges injected in the web page is cached in the CDN, diable the cache option is not possible on the CDN, the assupmtion here is that the tspd token is placed in all the pages.&nbsp;
advanced bot protection is not used because of this.&nbsp;
The troubleshooting is showing number all users get the same token "cached by the CDN" thats, rendering any user fail the check!&nbsp;

samstep · Answer

Only the static content (images/stylesheets/fonts/js/PDF files) should be placed behind CDN. The best practice is to put all static content onto a separate subdomain such a static.example.com or media.example.com &nbsp;
F5 ASM is a security device to protect the Dynamic contact (login pages, portals, applications,etc).  
&nbsp;
In case if the static contact is the part of the same application (e.g. /static subfolder)  you can use the local traffic policy to disable ASM on that static content path. You can also disable the caching of dynamic pages by injecting 'Cache-Control: no-cache' HTTP header if the application you are trying to protect with F5 ASM is not doing it for some reason&nbsp;

Forum Discussion

ASM TS challenge and caching

Recent Discussions

Application only need to access from 2 uris

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

AS3 Limitations

Unable to install firmware OS and drop at 10%

Statistics ›› Analytics : HTTP : Overview

Related Content

Trigger js challenge/Captcha for ip reputation/ip intelligence categories

Ensuring Secure Data Interoperability in Government Agencies: Challenges and Solutions

What is Web Cache Exploitation?

Google reCAPTCHA Challenge iRule

Journey to the Multi-Cloud Challenges

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS