For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Mohammed_M_Irfa's avatar
Mohammed_M_Irfa
Icon for Nimbostratus rankNimbostratus
Aug 16, 2018

Security Parameters: Need to be apply to make secure solutions

Hi,   We have BIG-IP LTM+ASM in HA, 13.1.0v latest version is running.   Standard type Virtual server is configured, TCP and HTTP profile is enabled. SNAT Pool List is enalbed. ASM Security Pol...
application delivery
ASM Advanced WAF
LTM
KeesvandenBos's avatar
KeesvandenBos
Icon for MVP rankMVP
Aug 17, 2018

Hi,

 

Cookie encryption is disabled in the screenshot......

 

Is it the application cookie that shows the session ID? If so, you have to encrypt it by enabling cookie encryption in the HTTP profile.

 

Look at the bottom section of your HTTP profile. There you can find HTTP STS (Strict transport security)

 

When you go to Security > Application Security > Attack Signatures. Go to advanced filtering and type directory in the string search field and click go.

 

At the bottom of the page you will find the assigned attack signatures for directory listing mitigation.

 

Cheers,

 

Kees