Forum Discussion

Altocumulus

Apr 26, 2024

Solved

Open Redirection Mitigation

hello, ASM has a feature to mitigate the open redirection attacks when the redirect happens at the header level (i.e: with Location in response). When the redirection is within the payload response...

Daniel_Wolf
May 03, 2024
Hi OM,

if this it the request: "https://website.com/redirect.jsp?url=https://google.com"
Then url is a parameter and https://google.com is a parameter value. In ASM you can control which parameter values are allowed. Issue solved.

Sample config:

And the result:

KR
Daniel

Altocumulus

May 03, 2024

yes, the response is within the body... see below

the request was something like : https://website.com/redirect.jsp?url=https://google.com

I know that I can use iRules, but I was looking for something built-in in asm.

any other hint ?

thanks.

<html>
<script type="text/javascript">

if(window.opener)
{
window.opener.top.location = 'https://google.com';
window.close();
}
else
{
window.top.location = 'https://google.com';
}
</script>
</html>

Daniel_Wolf

MVP

May 03, 2024

Hi OM,

if this it the request: "https://website.com/redirect.jsp?url=https://google.com"
Then url is a parameter and https://google.com is a parameter value. In ASM you can control which parameter values are allowed. Issue solved.

Sample config:

And the result:

KR
Daniel

OM
Altocumulus
May 03, 2024
Thanks Daniel, that's what I did as a workaround.
The problem with that approach is, we don't have the full picture of what the website has as redirects and I try hard to avoid false positives....
I was hoping to have a built-in feature similar to open redirect in Location Header.
Anyways, I will keep an eye on the other redirects and eventualy refresh the list of parameters if another false positive pops up.

thanks.