Forum Discussion

Nimbostratus

Jun 30, 2023

How to secure url on irule on F5?

I need secure one think and i dont know how to do it correctly and properly. We have this link on website for aplication: https://www.somewebsite.com/test/UI/Login?realm=external&goto=https://www.so...

devops

security

Daniel_Wolf

MVP

Jul 01, 2023

Hi locki,

seems your app is vulnerable to open redirects. Take a look at the following links to learn more:

OWASP Cheat Sheet Series - Unvalidated Redirects and Forwards
MITRE - CWE-601: URL Redirection to Untrusted Site
PortSwigger - Open redirection

Can be fixed with ASM (BIG-IP v16.1): MyF5 > BIG-IP Application Security Manager: Implementations > Mitigating Open Redirects
IMHO it should be fixed in the app code by your developers.

KR
Daniel

Forum Discussion

How to secure url on irule on F5?

Recent Discussions

Outlook application issue

Why does WAF block HTTP OPTION method

Rewriting Location Header in iRule

HA Configuration (One in primary and One in DR)

Sending a trusted certificate to server

Related Content

Applicaton security logs stopped

Security Advisory Status

irule ports

Window Coverings and Security

The Top Ten Hardcore F5 Security Features in BIG-IP 11.6