Forum Discussion
uknoodler_23999
Altostratus
Jan 06, 2017
How could I exclude Vulnerability scanners from Session Tracking?
I have enabled session tracking on an application and it has quickly blocked my vulnerability scanner. Of course this is "scan interference" and makes the results invalid.
The options on the IP Ad...
- Jan 10, 2017
Is it bad form to answer my own question?
Anyhow, using logging I discovered that the violation name wasn't matching correctly. Here is a rule that I've now deployed and tested.
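    when ASM_REQUEST_DONE {
        # Unblock only when session awareness is the sole violation and the
        # client address falls in the scanner's range (n.n.n.n/m is a placeholder)
        if {([ASM::violation names] contains "SESSION_AWARENESS" && [ASM::violation count] < 2 && [IP::addr [IP::client_addr] equals n.n.n.n/m])} {
            ASM::unblock
        }
    }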
Kevin_Stewart
Employee
Sep 04, 2013
I believe Jeff is specifically talking about Linux local users, but generally speaking:
- Basic auth uses base64 - not a hashing algorithm - and is browser-dependent.
- SHA512 is an option should you need to hash something:
https://devcentral.f5.com/wiki/iRules.sha512.ashx
- Hi Dave,
- DaveC_53879 Aug 10, 2011
Nimbostratus
Thanks Aaron. I'll give it a try.
- DaveC_53879 Aug 15, 2011
Nimbostratus
Aaron
- Colin_Walker_12 Aug 15, 2011
Historic F5 Account
Hmmm, the formatting should be preserved by just copy and pasting. Try adding code tags around it next time:
- DaveC_53879 Aug 15, 2011
Nimbostratus
Updating the cookie to maintain persistence across all sub-domains is what I meant. I have a test site set up with only this one rule in place, so not sure what I could do differently. Any ideas?
- DaveC_53879 Aug 16, 2011
Nimbostratus
This part of the rule isn't doing anything because it's not logging. Do I need to define My_cookie somewhere?
- Michael_Yates Aug 16, 2011
Nimbostratus
If you are trying to create a custom cookie take a look here:
- Just change My_cookie to the cookie name you want to rewrite the domain for. If you're using the default cookie name for the cookie insert persistence profile, you can use this:
    # Check if the persistence cookie exists in the response
    if {[HTTP::cookie exists "BIGipServer[LB::server name]"]} {
        # Set the domain attribute on the persistence cookie
        HTTP::cookie domain "BIGipServer[LB::server name]" ".ddcpoc.com"
        log local0. "[IP::client_addr]:[TCP::client_port]: Modified domain on BIGipServer[LB::server name]"
    }
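Why rewriting the Domain attribute keeps persistence across sub-domains, shown as an added example that is not part of the original thread: a Python model of RFC 6265 cookie storage and domain matching. The host names under ddcpoc.com and all function names are constructed for illustration.

```python
# Added example: how a browser scopes a cookie per RFC 6265.
# Host names under ddcpoc.com are constructed; public-suffix checks are left out.
import ipaddress


def domain_match(host, domain):
    """RFC 6265 5.1.3: host is the domain itself or a subdomain of it."""
    host, domain = host.lower(), domain.lower()
    if host == domain:
        return True
    try:
        ipaddress.ip_address(host)      # IP literals never suffix-match
        return False
    except ValueError:
        return host.endswith("." + domain)


def store_cookie(request_host, domain_attr):
    """Return (domain, host_only) as stored, or None if the cookie is rejected."""
    if not domain_attr:
        return (request_host.lower(), True)   # no Domain attribute: host-only
    domain = domain_attr[1:] if domain_attr.startswith(".") else domain_attr
    if not domain_match(request_host, domain):
        return None                            # cannot set a cookie for a foreign domain
    return (domain.lower(), False)


def cookie_sent(stored, host):
    """True if the stored cookie is attached to a request for host."""
    domain, host_only = stored
    return host.lower() == domain if host_only else domain_match(host, domain)


def scope_report(set_by, domain_attr, hosts):
    """Map each host to whether it receives the cookie set by set_by."""
    stored = store_cookie(set_by, domain_attr)
    return {h: stored is not None and cookie_sent(stored, h) for h in hosts}


HOSTS = ["www.ddcpoc.com", "shop.ddcpoc.com", "ddcpoc.com", "notddcpoc.com"]

if __name__ == "__main__":
    for attr in (None, ".ddcpoc.com"):
        print(attr, scope_report("www.ddcpoc.com", attr, HOSTS))
```

With the Domain attribute set, every host under ddcpoc.com receives the persistence cookie, so any less-trusted sub-domain sees it too.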
- DaveC_53879 Aug 17, 2011
Nimbostratus
Thanks for the responses. I had actually tried using a named cookie yesterday but got some strange results and I get the same strange results today, but now I see where the problem is. I've been using IE8 and FF4 to test. IE8 is now working correctly, as it is inserting the correct domain name in the cookie and so stays persistent regardless of the sub-domain. Thanks for the help getting this working. I see the same results in FF 3.6.17.