Forum Discussion

locki's avatar
locki
Icon for Nimbostratus rankNimbostratus
Jun 30, 2023

How to secure url on irule on F5?

I need secure one think and i dont know how to do it correctly and properly.
We have this link on website for aplication: https://www.somewebsite.com/test/UI/Login?realm=external&goto=https://www.somewebsite.com/application/security_check&locale=en&service=client
After user authentication they are redirected to website in the link: https://www.somewebsite.com/application/security_check&locale=en&service=client

All works like should be... beut there is one small secure issue, when peoples in our organization get phishing attack email to change something in their account with different link in goto something like this and after login there is something for fill credit card numer it is problem...

https://www.somewebsite.com/test/UI/Login?realm=external&goto=https://www.somewebsite.com@www.hackerssite.com&locale=en&service=client

How to prevent this on F5 to secure goto? Via some irule and explicit links, or just block @ in link?

4 Replies