Forum Discussion

Nimbostratus

May 04, 2016

Using ASM to scan served content

I have a multi-user web serving environment where content is uploaded via sftp. I need to scan served content for keywords and block if any keywords are matched. I'm attempting to use a custom attack...

Employee

May 06, 2016

The ASM is an HTTP web application firewall. It can scan outbound HTTP traffic so long as the traffic is not encrypted as it passes through the BigIP. It cannot scan FTP traffic. SFTP traffic is a larger problem, as it is not only FTP rather than HTTP traffic, it is encrypted, and the BigIP does not have a good way to decrypt it.

If you are trying to scan HTTP traffic being served you need to configure Dataguard. Dataguard's entire purpose in life is to get the ASM to block outbound traffic that matches sensitive data. You can read about dataguard here: https://support.f5.com/kb/en-us/solutions/public/8000/300/sol8363

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)