Scan Vulnerabilities & irules

Question

&nbsp;
Hello All,&nbsp;
 &nbsp;
1) Is there a general consensus that specific types of application vulnerabilities identified through a scan can be patched/mitigated temporarily with the use of irules  in f5 ?&nbsp;
2) If yes , then What type vulnerabilities are these and what are their respective irules ?&nbsp;
 &nbsp;
Note - I know thre is a irule discussion group  , but i wanted to know inputs from here as well.&nbsp;
 &nbsp;
Regards&nbsp;
Nik&nbsp;

what_lies_bene1 · Answer

There's quite a few, I've listed a few simple examples below. Is there something specific you have in mind? 
&nbsp; 
Restrict HTTP Methods
when HTTP_REQUEST {
 switch [HTTP::method] {
  Exit if method is GET
  "GET" { return }
  Exit if method is POST
  "POST" { return }
  Reject any other request methods
  default { reject }
  }
}

Mitigate Code Red &amp; Nimda
when HTTP_REQUEST {
 set requri [string tolower [HTTP::uri]]
 switch –glob $requri {
  "*default.ida*" – 
  "*cmd.exe*" – 
  "*root.exe*" – 
  "*admin.dll*" {
  Drop the request silently
   drop }
 }
}

Forum Discussion

Scan Vulnerabilities & irules

1 Reply

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

F5 Software Downgrade from version 17.x.x to 15.x.x

Error diskmonitor

CPU utilization of F5OS on r2600

sslprovide (--f5 ssl) does not generate CLIENT/SERVER_TRAFFIC_SECRET on server-side TLS traffic

Hardware replacement i2800 to r2600

Related Content

OWASP Automated Threats - OAT-014 Vulnerability Scanning

Advanced iRules: Scan

Advanced iRules: Binary Scan

Introducing F5 Distributed Cloud Web App Scanning

OpenSSH vulnerability

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS