Attack requests with GET method

Question

Observed certain attacks with GET requests. The attacks were observed for only one minute time and looks like run with scan tool. Although, I am not very well versed on application attack vectors.

Could someone help me understand these requests and their impact on the application. The F5 passed the requests but mainly cause the urls have wildcard in staging.

GET
/webui
/manager/html
/solr/admin/cores
/favicon.ico
/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance
/solr/admin/collections
/openstack/latest
/Onboarding/Import
/dynamic/instance-identity/document
/file=http:/www.w3.org/1999/xhtml

POST
/solr/gettingstarted_shard1_replica_n1/config
/jars/upload
/Onboarding/Import
/WEB_VMS/LEVEL15/
/api/session
/cps/test_backup_server
/ZMC_Admin_Login
/api/authentication/login

Thank you all

aswin_mk · Answer

Hi These are all applications related path and if the application allow only it will forward. GET is used for retrieving data like searching, filtering, or paging, whereas POST is used for submitting forms, modifying data, or creating new resources. If you have ASM module, you can make a better security policy in Layer and block unwanted threats and attacks&nbsp;Check F5 ASM features use cases&nbsp;&nbsp;

zamroni777 · Answer

do you enable learning mode in the waf profile?learning should be enabled only for traffic from legitimate testers traffic.the resulted profile then applied to live traffic.

Forum Discussion

Attack requests with GET method

2 Replies

Recent Discussions

Related Content

BIG-IP methods to Fix the “421 Misdirected Request” Error

F5 Distributed Cloud L7 DoS Attack Mitigation Roundup

Post-Quantum Cryptography, OpenSSH, & s1ngularity supply chain attack

November Security Research Update: Newly Released Attack Signatures

The HTTP/2 CONTINUATION frame attack

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS