Forum Discussion

MVP

Jul 01, 2021

What is F5 ASM conviction and can it be used for configuring custom URL honey pot trap?

I see the feature conviction can be triggered in an irule but can it be done also in the ASM policy? Also can the honey pod traps be configured to send specific URL for the honey pod server or this i...

application delivery

ASM Advanced WAF

Integrated Bot Defense

security

Daniel_Wolf
Jul 12, 2021
This became indeed my Sunday entertainment. I came up with two use cases, which I believe are good:
Brute Force / Logon Page protection > 302 redirect the malicious actor to a fake site, trick him/her to believe he/she had a successful login. Might be an airgapped copy of your real site. Analyse the malicous actors movement on the fake site.
Bot Defense > e.g. Bot does a mass sign up on a loyalty program. Make a (slow loading) honey page to trick the bot into believing that it succesfully signed up. Let the hacker exhaust his/her resources.

I'd not use honeypages for each and everything. Hosting them requires extra resources, security measures and time effort.

Nikoolayy1

MVP

Yes but from your reply I see that it probably can not be done with F5 ASM using javascript injection to redirect to a custom URL for the honey pot?

I found the custom honey pages you are mentioning ( https://support.f5.com/csp/article/K18650749 and https://support.f5.com/csp/article/K11412315 ), thanks for the idea. With the custom response pages maybe you are suggesting for me to use and external server for the response pages that will be the honey pot as mentioned in https://support.f5.com/csp/article/K7825 ?

Daniel_Wolf

MVP

Jul 12, 2021

This became indeed my Sunday entertainment. I came up with two use cases, which I believe are good:

Brute Force / Logon Page protection > 302 redirect the malicious actor to a fake site, trick him/her to believe he/she had a successful login. Might be an airgapped copy of your real site. Analyse the malicous actors movement on the fake site.
Bot Defense > e.g. Bot does a mass sign up on a loyalty program. Make a (slow loading) honey page to trick the bot into believing that it succesfully signed up. Let the hacker exhaust his/her resources.

I'd not use honeypages for each and everything. Hosting them requires extra resources, security measures and time effort.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

What is F5 ASM conviction and can it be used for configuring custom URL honey pot trap?

Recent Discussions

NAT for specific IPs

Upgrading BIGIP 2000S to R2600

TS Declarations for DNS

how to view list os client support via cli

automatic learning logs/report ?

Related Content

LTM 9.4.2+: Custom Syslog Configuration

F5 Distributed Cloud Customer Edge on F5 rSeries – Reference Architecture

Deploying F5 Distributed Cloud Customer Edge in Red Hat OpenShift Virtualization

configure custom log profile for F5 WAF

F5 Distributed Cloud - Customer Edge Site - Deployment & Routing Options

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS