Forum Discussion

Nimbostratus

Sep 25, 2007

CRSF Vulnerability

Not sure where the ASM Module Forum is -- but wondering if anyone has tried to prevent Cross Site Request Forgery through iRules or know if F5 is developing a solution for ASM. There is wha...

config

design

hoolio

Cirrostratus

Oct 02, 2007

I'll add that ASM is designed to protect against XSRF, XSS (and many other) attacks using both positive and negative validation of requests. There are character sets which define valid characters in parameter names, parameter values, headers and the object. There are a set of default regular expressions against these same components which validate the request does not contain malicious patterns. Custom regexes can be added as well. ASM also enforces length restrictions which limit how big the total request, header, parameter and parameter values can be.

iRules can help provide good specific security. ASM provides a more comprehensive package of validations and protection. I would imagine you could talk with an F5 salesperson to get more specifics on ASM.

Aaron

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)