For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

alinayesina_102's avatar
alinayesina_102
Icon for Nimbostratus rankNimbostratus
Mar 13, 2009

Responce URI Masking/Hiding

We would like to consult on the possibility of performing a URL rewrite with the use of an iRule for domain.com. it’s not a good practice for our homepage to show as http://www.domain.com/home/default...
application delivery
dev
devops
iRules
dennypayne's avatar
dennypayne
Icon for Employee rankEmployee
Mar 31, 2009
I think Aaron means that a user could simply type the full path with the ".." which would track back up the directory tree and get into those other directories, because the iRule would only fire if /home wasn't in the request. Of course they would have to know to try that, but forced browsing is a popular attack method.

 

 

FWIW, the ASM module can restrict traffic flow to the paths you specify which would take care of your 2.

 

 

Denny