For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Abhisar's avatar
Abhisar
Icon for Nimbostratus rankNimbostratus
Jun 22, 2020

F5 ASM - Session and Login - Username and Password on different URLs

Hi All,   I have application where username and password coming in two different URLs and when password is coming no username parameter is passed, seems application is storing username in cookie...
ASM Advanced WAF
security
youssef1's avatar
youssef1
Icon for Cumulonimbus rankCumulonimbus
Jun 22, 2020

Hi Abhisar,

 

to be honest i never had to do that, if I had to do it, I would do it the following way.

first of all i find a point in common between the 2 pages of authentificaiton.

I think you should have a session cookie or the CSRF token for example which should be similar to the 2 pages. you could perhaps confirm this point to us.

 

you could then set up a tab (you can use session tab or APM too) that records the session (username). and when you are redirected to (/user/authenticate.jsp) you would add the username parameter.

Do you understand the solution I offer you? if you need help to build the irule do not hesitate to ask me.

 

Keep me in touch.

regards

Abhisar's avatar
Abhisar
Icon for Nimbostratus rankNimbostratus
Jun 24, 2020

Hi Yousuf,

 

I would like to know more about "set up a tab" - you mean through iRule? I am not much familiar with iRules.