Forum Discussion

Brian_Brehart's avatar
Brian_Brehart
Icon for Altostratus rankAltostratus
Dec 04, 2019

Understand why F5 blocked images on my webpage

Greetings,

In September we upgraded our F5 Silverline WAF to v13, and as soon as we turned it on, reports came in about blocked images on our webpages. I'm trying to pinpoint the source of the block and understand why the blocks occurred at all, but I'm not having any luck. How would one discern (from the logs):

  1. What was blocked by the WAF
  2. Why the image was blocked and how to remediate that.

 

Cheers

security
Silverline
  • Brian_Brehart's avatar
    Brian_Brehart
    Dec 05, 2019

    We do, but there are multiple codes that can be attributed to a single violation type. Upon further investigation, we've found that it's not all images; we run a site where you can browse products, and then click on images for those products (very similar to Amazon and every other e-commerce site in the world). The previews show, and the images for similar products show, but the images specific to the product clicked on do not. I've attached an illustration to demonstrate what's happening.

  • Yoann_Le_Corvi1's avatar
    Yoann_Le_Corvi1
    Icon for Cumulonimbus rankCumulonimbus
    Dec 06, 2019

    Hi

     

    My guess is there is some kind of preloading done by a Javascript component... When accessing the site, use the DEV Tools of your browser ( F12 ) , and try to identify request with a 403 status code (or other if you changed the default behaviour). Like this you may be able to get the blocked URL.

     

    The Javascript preload is kind of a pain sometimes as you do not see the support id when the page is blocked.

     

    Yoann

  • Brian_Brehart's avatar
    Brian_Brehart
    Icon for Altostratus rankAltostratus
    Dec 05, 2019

    So, having read this, I guess I've answered my own question. I just have to have my AppDev team determine why some images are being blocked while others aren't.

  • Brian_Brehart's avatar
    Brian_Brehart
    Icon for Altostratus rankAltostratus
    Dec 05, 2019

    We do, but there are multiple codes that can be attributed to a single violation type. Upon further investigation, we've found that it's not all images; we run a site where you can browse products, and then click on images for those products (very similar to Amazon and every other e-commerce site in the world). The previews show, and the images for similar products show, but the images specific to the product clicked on do not. I've attached an illustration to demonstrate what's happening.

  • Yoann_Le_Corvi1's avatar
    Yoann_Le_Corvi1
    Icon for Cumulonimbus rankCumulonimbus
    Dec 05, 2019

    Hi

     

    When you send a request to that blocked image, don't you get a response from the ASM with a support code ? This should allow you to quickly identify the "blocking" cause.

     

    Yoann