Forum Discussion
alinayesina_102
Mar 13, 2009Nimbostratus
Responce URI Masking/Hiding
We would like to consult on the possibility of performing a URL rewrite with the use of an iRule for domain.com. it’s not a good practice for our homepage to show as http://www.domain.com/home/default...
dennypayne
Mar 31, 2009Employee
I think Aaron means that a user could simply type the full path with the ".." which would track back up the directory tree and get into those other directories, because the iRule would only fire if /home wasn't in the request. Of course they would have to know to try that, but forced browsing is a popular attack method.
FWIW, the ASM module can restrict traffic flow to the paths you specify which would take care of your 2.
Denny
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects