Forum Discussion

Nimbostratus

Sep 07, 2017

Custom Attack Signature to block request with No UA or Referer

I want to be able to check and see if the request is missing both the User-Agent String and the Referer, and possibly block the request. So I know I can do this with an iRule, but I am wanting to tr...

Cirrostratus

Hi Mike,

I think configuring mandatory headers will be help. Please find the below link.

https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-12-1-0/29.htmlunique_2103859402

Mike_Maher

Nimbostratus

Sep 07, 2017

Yea, I am not sure that will accomplish what I am looking for. Which is to check if both Headers are missing. If a UA is present but the referer isn't I will still want to allow the traffic. Also I may need the ability to whitelist the signature for certain traffic.

It would be nice if in policy there was a way to attach mandatory header conditions per URL.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Custom Attack Signature to block request with No UA or Referer

Recent Discussions

Background Tasks

Which process is consuming higher CPU

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Client SSL Profile set to Require Client Certificate breaks RDP in APM

Related Content

Cloud Docs - F5OS Technical Reference Materials

Deploy the NGINX Modern Apps Reference Architecture locally

Distributed caching of authentication requests with NGINX Ingress Controller

Wildcard Parameter signature attack

BoT Defense Profile, Signature Enforcement

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS