Forum Discussion
F5 ASM/AWAF Remote File Inclusion signatures do not block http:// or https:// in the form parameter
- Jul 27, 2023
I tested this on other vendors and it is the same as the info I got is that there are no default signatures for this RFI attack as it will cause many issues an false positives, so you need to make a custom signature/irule to block this for the specific vunrable parameter.
Outside of that for XC Distributed Cloud the Service policy rules seem the way to go for configuring something like signatures:
To my total astonishment I can reproduce this.
All Remote File Include Signatures are enforced in this policy.
And the ASM Request Log shows the malicious request just passes.
I am afraid we are missing something fundamental here 🙂
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com