CRC webpages - Anti-defacement

Question

Hi all,&nbsp;
&nbsp;I'm looking for a feature to protect my application (static content) against defacement.
&nbsp;I would like to know if ASM is able to perform a kind of CRC for each webpages of my application to raise an alert if the content is changed.&nbsp;
&nbsp;Thanks in advance.&nbsp;

hooleylist · Answer

Hi Niko, &nbsp;
&nbsp; I don't believe ASM supports this type of functionality.  If you'd like to have it considered for addition to the product, you could open a case with F5 Support requesting the enhancement.   &nbsp;
&nbsp;You can use the Dataguard feature to look for bad patterns in response content.  But I think the general best practice is to try to validate requests and prevent a web app from being compromised in the first place.&nbsp;
&nbsp; Aaron

ido_breger_3805 · Answer

Hi Niko, 
&nbsp; While ASM do not have a CRC checks, if you deploy ASM in front of this website you will significantly reduce the likelihood of a remote defacement attempt to succeed. 
&nbsp; Your use case is pretty unique because most of the websites today are dynamic in the sense that they either will display a different page to a different user ("Welcome Niko"),or that the rate in which the pages content is updated is really fast. I'm not hinting that these challenges cannot be solved, but if you do have a WAF, and it is configured properly, the risk of defacement is really low.

Forum Discussion

CRC webpages - Anti-defacement

Recent Discussions

Upgrade F5 BIGIP

DNS HM Probe issue

Is XFF a must for ASM WAF DoS

Switch ssl profile based on weak cipher detection via IRULE

F5 Switches in 'Changes Pending' Status

Related Content

anti-defacement

Anti Web Defacement?

webpage not loading with http profile

Failover Error - SOD Configuration CRC does not match

Understand why F5 blocked images on my webpage

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS