Forum Discussion

Cirrostratus

Jul 09, 2025

IDOR and F5

Does F5 block IDOR vulnerability ? i think this is logical authorization flaw which should be fixed from application level as the WAF treat that as normal url . I'm right ? the case is when you chang...

application delivery

security

Injeyan_Kostas

Nacreous

Jul 09, 2025

Hi THE_BLUE

You are right, WAF will stil see a valid request, so no block.

You will need to fixed in app or use a user context aware mechanish like APM
Check this

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

IDOR and F5

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

F5 XC 503 upstream_reset_before_response_started{protocol_error}

CVE mitigation on F5 XC vs classic F5 WAF

F5 mssql health monitor failing

Could not communicate with the system. Try to reload page.

UCS Encryption Question

Related Content

F5 HTTPS Redirect 2025

F5 Threat Report - November 19th, 2025

F5 Threat Report - November 26th, 2025

Introducing the F5 Application Study Tool (AST)

F5 Threat Report - October 1st, 2025

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS