For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

uknoodler_23999's avatar
uknoodler_23999
Icon for Altostratus rankAltostratus
Jan 06, 2017
Solved

How could I exclude Vulnerability scanners from Session Tracking?

I have enabled session tracking on an application and it has quickly blocked my vulnerability scanner. Of course this is "scan interference" and makes the results invalid. The options on the IP Ad...
ASM Advanced WAF
irule
iRules
security
session tracking
unblock
vulnerbility scanning
  • uknoodler_23999's avatar
    uknoodler_23999
    Jan 10, 2017

    Is it bad form to answer my own question?

    Anyhow, using logging I discovered that the violation name wasn't matching correctly. Here is a rule that I've now deployed and tested. 

    when ASM_REQUEST_DONE {
  if {([ASM::violation names] contains "SESSION_AWARENESS" && [ASM::violation count] < 2 && [IP::addr [IP::client_addr] equals n.n.n.n/m])} {
    ASM::unblock
  }
}
uknoodler_23999's avatar
uknoodler_23999
Icon for Altostratus rankAltostratus
Jan 10, 2017

Is it bad form to answer my own question?

Anyhow, using logging I discovered that the violation name wasn't matching correctly. Here is a rule that I've now deployed and tested. 

when ASM_REQUEST_DONE {
  if {([ASM::violation names] contains "SESSION_AWARENESS" && [ASM::violation count] < 2 && [IP::addr [IP::client_addr] equals n.n.n.n/m])} {
    ASM::unblock
  }
}
cdjac0bsen's avatar
cdjac0bsen
Icon for Nimbostratus rankNimbostratus
Mar 01, 2017

You're welcome. What would be the best syntax to add multiple IP addresses/subnets? We have about 15 we need to exclude. And I'm not keen on reading in a list of IP's from a separate file.