For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Mohammed_M_Irfa's avatar
Mohammed_M_Irfa
Icon for Nimbostratus rankNimbostratus
Aug 16, 2018

Security Parameters: Need to be apply to make secure solutions

Hi,   We have BIG-IP LTM+ASM in HA, 13.1.0v latest version is running.   Standard type Virtual server is configured, TCP and HTTP profile is enabled. SNAT Pool List is enalbed. ASM Security Pol...
application delivery
ASM Advanced WAF
LTM
KeesvandenBos's avatar
KeesvandenBos
Icon for MVP rankMVP
Aug 16, 2018

Hi,

 

  1. Which cookie does not contain the "secure" attribute? Your BIG-IP persistence cookie? If so you should enable it on the cookie persistence profile. If it is the application cookie you should rewrite that cookie (with an irule) to insert the "secure" attribute.
  2. Is this for the webserver or for your BIG-IP persistence cookie? (if it is your BIG-IP persistence cookie, enable encryption on the cookie (I think you should alway's encrypt your BIG-IP persistence cookie))
  3. Enable HTTP Strict transport security on your BIG-IP HTTP Profile (or is there another header your security team want's to insert?)
  4. Did you enable the directory listing attack signatures in your ASM policy?

Cheers,

 

Kees