For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Cpet's avatar
Cpet
Icon for Altocumulus rankAltocumulus
Jul 29, 2019

Security issue - Oracle Identity System Administration login screen is exposed to public

Hi to all,   I have a cluster with 2 Big-IP VM ver13.1 .A VS has the role to load balanced OAM.I discovered that the Oracle Identity System Administration login screen is exposed to public.I foun...
BIG-IP
iRules
security
iaine's avatar
iaine
Icon for Nacreous rankNacreous
Aug 07, 2019

here's a couple of log lines to hopefully help. logs will go to /var/log/ltm or the Local Traffic tab in the Logs section of the GUI

when HTTP_REQUEST {
 
if { [string tolower [HTTP::uri]] starts_with "/sysadmin/faces/signin"}{
	log local0. "URI is [HTTP::uri] - IP Address is [IP::client_addr]"
 
	if {not [IP::addr [IP::client_addr] equals 10.0.40.0/24]} {
		log local0. "Dropping the connection from [IP::client_addr]"
		drop
		}
	}
}