For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Icon for Cirrostratus rank

Cirrostratus

Jul 09, 2025

IDOR and F5

Does F5 block IDOR vulnerability ? i think this is logical authorization flaw which should be fixed from application level as the WAF treat that as normal url . I'm right ? the case is when you change the id in url you can reach other user profile

application delivery

1 Reply

Injeyan_Kostas
Nacreous
Jul 09, 2025
Hi THE_BLUE
You are right, WAF will stil see a valid request, so no block.
You will need to fixed in app or use a user context aware mechanish like APM
Check this

F5 Academy at AppWorld 2026

DevCentral News

Aswin MK - November 2025 Featured Member

DevCentral News

Introducing the F5 AI Assistant for BIG-IP

Technical Articles

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5