Forum Discussion
Albert_252822
Mar 07, 2016Nimbostratus
Open redirect mitigation
Hi all,
I'm new to F5 and probably this is a very basic question. I'd like to know your advice on mitigating an open redirect vulnerability, as could be http://www.vulnerable.com/redirect.asp?=h...
- Mar 07, 2016
Hi Albert,
You can do this by enabling the redirection protection Security > Application Security > Headers > Redirection Protection. ( assuming you have got 11.5.X) The below link will help to solve the problem !
Cheers,
Albert_252822
Mar 08, 2016Nimbostratus
Hi Vijith,
Thanks for your answer, that's very useful information. However, I only see the option to block the redirection and I'd like to allow the redirection to the non whitelisted domains/subdomains adding a message which the user have to accept before being redirected.
- Vijith_182946Mar 09, 2016CirrostratusI suppose you need to utilise iRule in this case.
- Albert_252822Mar 09, 2016NimbostratusYes, I supposed it. Thanks!
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects