Forum Discussion

Albert_252822's avatar
Albert_252822
Icon for Nimbostratus rankNimbostratus
Mar 07, 2016

Open redirect mitigation

Hi all,

 

I'm new to F5 and probably this is a very basic question. I'd like to know your advice on mitigating an open redirect vulnerability, as could be http://www.vulnerable.com/redirect.asp?=http://www.evil.com

 

I want to allow the redirection but with an informational message which the user has to accept, like "You are going to be redirected...". What do you think is the best way to do it?

 

I guess it's possible to do it using irules (only LTM) but I'd also like to know the options using ASM.

 

Thanks in advance