Albert_252822
Mar 07, 2016 (Nimbostratus)
Open redirect mitigation
Hi all,
I'm new to F5 and this is probably a very basic question. I'd like to know your advice on mitigating an open redirect vulnerability, such as http://www.vulnerable.com/redirect.asp?=http://www.evil.com
I want to allow the redirection but with an informational message which the user has to accept, like "You are going to be redirected...". What do you think is the best way to do it?
I guess it's possible to do it using iRules (only LTM) but I'd also like to know the options using ASM.
Thanks in advance
Hi Albert,
You can do this by enabling the redirection protection under Security > Application Security > Headers > Redirection Protection (assuming you have got 11.5.X). The link below will help to solve the problem!
Cheers,
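
For the LTM-only option raised in the question, one way to show a notice before an off-site redirect is an iRule that inspects the Location header of redirect responses. This is an added example, not code from the thread or from F5; it assumes an HTTP profile on the virtual server and a string data group with the hypothetical name `allowed_redirect_hosts`.

```tcl
when HTTP_REQUEST {
    # Remember the requested host (without port) for the same-site comparison.
    set req_host [string tolower [getfield [HTTP::host] ":" 1]]
}
when HTTP_RESPONSE {
    if { ![HTTP::is_redirect] } { return }
    set loc [string trim [HTTP::header value Location]]
    if { [regexp -nocase {^https?://([^/?#\\]*)} $loc -> authority] } {
        # Drop userinfo ("user@") and port so only the host name is compared.
        regsub {^.*@} $authority "" host
        regsub {:[0-9]*$} $host "" host
        set host [string tolower $host]
        # Same host or a host in the data group: let the redirect through.
        if { $host eq $req_host || [class match $host equals allowed_redirect_hosts] } {
            return
        }
    } elseif { [regexp -nocase {^([/\\]{2}|[a-z][a-z0-9+.-]*:)} $loc] } {
        # Scheme-relative ("//host", "/\host") and non-http(s) targets are
        # refused outright rather than offered to the user as a link.
        HTTP::respond 403 content "Redirect blocked" "Content-Type" "text/plain"
        return
    } else {
        # Anything else is a relative path on this site.
        return
    }
    # External http(s) target: replace the redirect with a notice page.
    # The target is HTML-escaped so the notice cannot be used for script injection.
    set safe [string map [list & "&amp;" < "&lt;" > "&gt;" \" "&quot;" ' "&#39;"] $loc]
    set page "<html><body><p>You are going to be redirected to an external site:</p>"
    append page "<p>$safe</p><p><a href=\"$safe\" rel=\"noreferrer\">Continue</a></p>"
    append page "</body></html>"
    HTTP::respond 200 content $page "Content-Type" "text/html; charset=utf-8"
}
```

Scheme-relative targets are blocked here as a conservative choice; add them to the first branch if the application legitimately uses them.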