For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

RockBD's avatar
RockBD
Icon for Altocumulus rankAltocumulus
Nov 10, 2024

VAPT or APT tools scan prevention

Hello  When the security team starts Vulnerability Assessment and Penetration Testing (VAPT) or Application Security Testing (APT) on a web application, then it can go and test those web pages tha...
application delivery
security
RockBD's avatar
RockBD
Icon for Altocumulus rankAltocumulus
Nov 11, 2024

I want to block unregistered user access from outside world to my web systems. outside access can be VAPT scans or other for unregister users.

zamroni777's avatar
zamroni777
Icon for MVP rankMVP
Nov 19, 2024

in that case, you can try adding APM access profile's authentication page to the LTM vserver.
it's not tunnel mode so shouldnt need apm ccu license.

i implemented such mechanism using other ADC brand for a corporate banking website.

surely vapt can still access that webpage but bigip wont forward unauthenticated requests to backend ltm pool members.