Forum Discussion
Attack requests with GET method
Observed certain attacks with GET requests. The attacks were observed for only one minute time and looks like run with scan tool. Although, I am not very well versed on application attack vectors.
Could someone help me understand these requests and their impact on the application. The F5 passed the requests but mainly cause the urls have wildcard in staging.
GET
/webui
/manager/html
/solr/admin/cores
/favicon.ico
/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance
/solr/admin/collections
/openstack/latest
/Onboarding/Import
/dynamic/instance-identity/document
/file=http:/www.w3.org/1999/xhtml
POST
/solr/gettingstarted_shard1_replica_n1/config
/jars/upload
/Onboarding/Import
/WEB_VMS/LEVEL15/
/api/session
/cps/test_backup_server
/ZMC_Admin_Login
/api/authentication/login
Thank you all
- Aswin_mkCumulonimbus
Hi These are all applications related path and if the application allow only it will forward. GET is used for retrieving data like searching, filtering, or paging, whereas POST is used for submitting forms, modifying data, or creating new resources. If you have ASM module, you can make a better security policy in Layer and block unwanted threats and attacks
Check F5 ASM features use cases
- zamroni777Nacreous
do you enable learning mode in the waf profile?
learning should be enabled only for traffic from legitimate testers traffic.
the resulted profile then applied to live traffic.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com