For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

sshekha4's avatar
sshekha4
Icon for Nimbostratus rankNimbostratus
May 10, 2022

F5 LTM | IControl Resr

Hi Team, Hope you all are doing great.  I have one question. What is iControl Rest , and how would i know whether it is cuurently being used on F5 or not. ? Regards, RAQS
application delivery
JRahm's avatar
JRahm
Icon for Admin rankAdmin
May 11, 2022

If this inquiry is in relation to the CVE, know that whether or not you're using iControl REST, it's by default accessible on the system on the management interface and self IPs if port 443 is allowed. If that's the case, 1) disable self IP access immediately if not patched, 2) protect/inspect/analyze for your internal management access, and 3) patch!!

  • sshekha4's avatar
    sshekha4
    Icon for Nimbostratus rankNimbostratus
    May 11, 2022

    Hi Jrahm,

    Thanks for replying. Yeah its in relation with that only and i have upgraded all system to 15.1.5.1.

    But for my knowledge i am intrested to know how i ll determine whether my F5s are using it or not. 

     

    • JRahm's avatar
      JRahm
      Icon for Admin rankAdmin
      May 11, 2022

      Good deal on getting patched! You can check your logs to see if anyone is taking advantage of the REST interface:

      • /var/log/restjavad-audit.0.log shows all authentications to the iControl REST service. This is an ordered list of every REST call.
      • /var/log/restjavad.0.log contains information about connections to the iControl REST service, such as errors returned.