F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

IT_Support_-_EC's avatar
IT_Support_-_EC
Icon for Nimbostratus rankNimbostratus
Jul 12, 2015

[BIG-IP 4000s] Failed to protect Crosse-Site Request Forgery

Dear F5 Team,   Our team did PoC of Cross-Site Request Forgery but it seemed that WAF cannot protect this attack. Our team said   "For the CSRF protection, F5 will generate its own Javascript t...
ASM Advanced WAF
security
IT_Support_-_EC's avatar
IT_Support_-_EC
Icon for Nimbostratus rankNimbostratus
Jul 14, 2015

Mr. Boneyward,

 

This is the reply from our team after reading your comments

 

" - I had tried enable all three options (alarm, learn, block) but it's not helped - This is not the dynamic generated code case (the security.php link is static in the homepage) - I wanna see the F5 CSRF token generated with the security.php link, but that not happened. And F5 no blocked CSRF violation when I access security.php without token. "

 

Thank you