For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Joseph_Webb_169's avatar
Joseph_Webb_169
Icon for Nimbostratus rankNimbostratus
Sep 06, 2017

How do I mark a non-standard parameter/field in ASM as sensitive or obfuscate it?

Just deployed an ASM in line with a bunch of virtual servers, but I am seeing a bunch of traffic flows that look like XML, but don't really conform to the open and closing tag format. I need to fig...
ASM Advanced WAF
security
CharlesCS's avatar
CharlesCS
Icon for Cirrus rankCirrus
Sep 06, 2017

This data format isn't XML but rather OFX (Open Financial Exchange), a financial data exchange standard originally based on SGML.

 

OFX client systems are not typically web browsers, hence features like javascript aren't available. This would preclude the use of many ASM features.

 

Further, ASM brute force protection is restricted to specific content types (text/html, text/xml, application/sgml, application/xml, application/html, application/xhtml, application/x-asp, or application/x-aspx) but OFX data has a content type of "application/x-ofx" and therefor wouldn't be included.

 

Protection for OFX services is probably better provided by a combination of IP Intelligence (to exclude known bad-actor sources) and custom iRules to examine OFX requests for specific strings used for brute-force OFX attacks or to collect data to identify bad-actors for blocking.

 

You should probably make contact with your F5 Account team to see about resources that can help you develop a suitable solution.