Forum Discussion
uknoodler_23999
Altostratus
Jan 06, 2017How could I exclude Vulnerability scanners from Session Tracking?
I have enabled session tracking on an application and it has quickly blocked my vulnerability scanner. Of course this is "scan interference" and makes the results invalid.
The options on the IP Ad...
- Jan 10, 2017
Is it bad form to answer my own question?
Anyhow, using logging I discovered that the violation name wasn't matching correctly. Here is a rule that I've now deployed and tested.
when ASM_REQUEST_DONE { if {([ASM::violation names] contains "SESSION_AWARENESS" && [ASM::violation count] < 2 && [IP::addr [IP::client_addr] equals n.n.n.n/m])} { ASM::unblock } }
Kevin_Davies_40
Nacreous
Apr 18, 2015F5 will not add last-modified headers unless you have additional profiles attached. You will need to check if the 304 message is actually being sent to the client. Use tcpdump and wireshark to confirm this.
Kevin_Davies_40
Nacreous
Apr 18, 2015I'm surprised if it modifies any headers. It should just pass them through. A tcpdump capture client and serverside should confirm this.
- Hi Dave,
- DaveC_53879Aug 10, 2011
Nimbostratus
Thanks Aaron. I'll give it a try. - DaveC_53879Aug 15, 2011
Nimbostratus
Aaron
- Colin_Walker_12Aug 15, 2011Historic F5 AccountHmmm, the formatting should be preserved by just copy and pasting. Try adding code tags around it next time:
- DaveC_53879Aug 15, 2011
Nimbostratus
Updating the cookie to maintain persistence across all sub-domains is what I meant. I have a test site setup with only this one rule in place, so not sure what I could do different. Any ideas? - DaveC_53879Aug 16, 2011
Nimbostratus
This part of the rule isn't doing anything because it's not logging. Do I need to define My_cookie somewhere? - Michael_YatesAug 16, 2011
Nimbostratus
If you are trying to create a custom cookie take a look here: - Just change My_cookie to the cookie name you want to rewrite the domain for. If you're using the default cookie name for the cookie insert persistence profile, you can use this:
Check if the persistence cookie exists in the response if {[HTTP::cookie exists "BIGipServer[LB::server name]"]} { set the domain attribute on the persistence cookie HTTP::cookie domain "BIGipServer[LB::server name]" ".ddcpoc.com" log local0. "[IP::client_addr]:[TCP::client_port]: Modified domain on BIGipServer[LB::server name]" }
- DaveC_53879Aug 17, 2011
Nimbostratus
Thanks for the responses. I had actually tried using a named cookie yesterday but got some strange results and I get the same strange results today, but now I see where the problem is. I've been using IE8 and FF4 to test. IE8 is now working correctly, as it is inserting the correct domain name in the cookie and so stays persistent regardless of the sub-domain. Thanks for the help getting this working. I see the same results in FF 3.6.17.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects