Forum Discussion

Nimbostratus

Mar 12, 2013

Parameter Tampering

Dear all, I want to know how can I avoid users to manipulate the URL and circumvent a security permission? Example, user clicks a link: http://myweb.com/student_data/academic...

app sec

BIG-IP Access Policy Manager (APM)

security

pcastagnaro_709

Nimbostratus

Mar 13, 2013

Posted By nathan on 03/12/2013 02:58 PM

Dependant on the answer to Mike's question could a flow policy work for you?

Rgds

I think flow policy involves into a vulnerability, because if an attacker wants to access /student_data/academic_data.jsp?studentID=AAA12345 he could do the request, tamper this adding Referer header, and application will show him page requested.

Is that correct?

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Parameter Tampering

Recent Discussions

INFORM: Entrust CA will be untrusted in Chrome after Oct 31, 2024

Can BIG-IP DNS recursion only my domain?

CPU data, control and analytics plane utilization

Can import iSeries 4000 config (OS ver 1.3.x) to rSeries 5000 (f5os-a 1.5.2)?

Datagroup with address and value

Related Content

Cookie Tampering Protection using F5 Distributed Cloud Platform

Brute Force protection for single parameter like OTP

Wildcard Parameter signature attack

HTTP auth - Calling external API with parameters

Parameter Value - Regular Expression

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS