Forum Discussion
Danny_19714
Nimbostratus
Feb 01, 2008
Zero-day exploits
I am currently researching the BIG-IP Web Application Firewall and have a question. Let's assume I have a web application running on IIS protected by BIG-IP and has the relevant iRules applied. Will BI...
hoolio
Cirrostratus
Feb 05, 2008
Hi Danny,
I don't think I can give an unqualified answer to that. But if you have a well-built ASM policy using the positive security model, that policy will block most attacks. For example, if there is an IIS exploit which depends on an attacker being able to use a % in the requested object, and you have that character disallowed in the character set for objects, the request will be marked as illegal. Likewise, if you don't explicitly allow access to .exe or .dll object types, and the newly discovered exploit depends on access to one of these object types, the attack would be blocked.
Of course, it's always a good practice to keep the servers patched as soon as practical.
Aaron
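
The positive security model described in the answer above, as an added example that is not part of the original post and is not F5 ASM code or configuration: a request is legal only if its object uses allowed characters and an allowed file type, so a request relying on `%`, `.exe` or `.dll` is flagged without any signature for the specific exploit. The allowed file types, the character set and the sample requests are assumed values constructed for illustration.

```python
# Added illustration of a positive security model; not F5 ASM code or configuration.
import re
from urllib.parse import urlsplit

# Assumed policy values for this sketch (hypothetical, not taken from a real ASM policy).
ALLOWED_FILE_TYPES = {"html", "aspx", "css", "js", "png", "no_ext"}
ALLOWED_OBJECT_CHARS = re.compile(r"[A-Za-z0-9/._-]+")  # '%' is deliberately absent


def check_request(raw_url):
    """Return a list of violations; an empty list means the request is legal."""
    violations = []
    path = urlsplit(raw_url).path  # raw path, not percent-decoded

    # Character-set check on the requested object, done on the raw text so an
    # encoded character cannot slip past by being decoded later.
    bad = sorted(set(ch for ch in path if not ALLOWED_OBJECT_CHARS.fullmatch(ch)))
    if bad:
        violations.append("illegal character(s) in object: " + " ".join(bad))

    # File-type check: anything not explicitly allowed is illegal.
    name = path.rsplit("/", 1)[-1]
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else "no_ext"
    if ext not in ALLOWED_FILE_TYPES:
        violations.append("file type not allowed: " + ext)
    return violations


# Constructed sample requests.
SAMPLES = [
    "/default.aspx?id=7",
    "/images/logo.png",
    "/files/a%2Fb.html",
    "/bin/helper.dll",
    "/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        result = check_request(url)
        print(url, "->", "legal" if not result else "ILLEGAL: " + "; ".join(result))
```
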
