Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Ravi_Kumar_Teli's avatar
Ravi_Kumar_Teli
Icon for Nimbostratus rankNimbostratus
Aug 05, 2019

Need to implement HTTP security headers and Brute Force attack prevention features

I need help on two things. 1) Need to implement HTTP security headers for a URL sub-directories (like https://google.com/photos). We already have iRules in place for main URL but unsure how to creat...
ASM Advanced WAF
irules
security
Simon_Blakely's avatar
Simon_Blakely
Icon for Employee rankEmployee
Aug 05, 2019

Answer to question 1:

 

That irule tests OK, so I'm not sure what the issue is - the PR_CONNECT_RESET_ERROR indicates that the connection was reset which could indicate an irule syntax error - check your LTM log file.

 

Answer to question 2:

 

Has your URL been Qualified?

 

URLS are qualified for captcha or javascript insertion by being accessed correctly 10 times in five minutes, or by manually qualifying the URL

tmsh modify sys db asm.cs_qualified_urls value <login URL>

 

For the URL to be qualified for JS challenge, ASM should have seen 10 requests for the URL in the PAST and the response should have had "Content-Type: text/html" and a html tag in the body.