blocking ZAP tool

Question

Hi All,we noticed recently that some attackers use the ZAP tool to scan our web apps and most of those requests generate some issues, we tried to block these requests using attack signature based on string contains ZAP but it didn't match, so could you please suggest me another way to block these requests.thank you

paulius · Answer

kaoutar If you can figure out an HTTP header that is always added for this tool you can block it by searching the HTTP header value and if located the connection is dropped.

kaoutar · Answer

Thank you Paulius, Unfortunately the matching key exists only on the payload of the Post request, nothing unusual in the URI or the header

ca_valli · Answer

Is the key static? Intercepting payload content is possible with irules&nbsp;

kaoutar · Answer

Yes, it's a static key

paulius · Answer

kaoutar You might be able to use the following link to gather this information and then block it.
https://my.f5.com/manage/s/article/K07535385

Forum Discussion

blocking ZAP tool

Recent Discussions

MAC address of deleted VS IP address still responsive

Different common name ssl acces 403 forbiddent

dynamic signature detection

DNS HM Probe issue

F5 looses the token for the first call

Related Content

Quantum Computer decrypt RSA, Bitcoin PQC, Solidity audit tool, Meaningless threat

Anonymous DDOS Tools 2016

Sharpening Your Tools: Advent of Code with iRules

Ubuntu Vuln, Magika Tool, Chrome's Defense Feature, & CVE 2023-50387

asmevents tool to retrieve events from an ASM device

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS