Apache Log4j2 (CVE-2021-44228) mitigation iApp

Problem this snippet solves:

A CVE has been released for Apache Log4j (CVE-2021-44228), and a server located behind the BIG-IP could be vulnerable to it.

F5 SIRT have helpfully created an iRule to mitigate this vulnerability. This iApp simplifies creation and management of that iRule.

How to use this snippet:

Install the iApp Template

  • Download and unpack the archive
  • Log in to the BIG-IP TMUI and navigate to iApps>Templates
  • Hit the Import button, select the template and hit Upload

Create an iRule instance

  • Navigate to iApps>Application Services>Applications
  • Hit the Create button, enter a relevant Name and select the log4j2_mitigation template
  • Set the Debug Level (Off, Attack or Debug). Off = no logs, Attack = logs when an attack is detected, Debug = more detailed logs
  • Hit Finished. The iRule should be created.

Assign iRule to virtual server

  • Navigate to LTM>Virtual Servers.
  • Click on the Virtual Server and navigate to the Resources tab
  • Click the Manage button under the iRules section and add the iRule. Note that the Virtual Server must have an HTTP profile assigned for this iRule; otherwise it will throw an error.

Manage iRule

  • If you have issues with the iRule or want to modify logs, navigate to iApps>Application Services>Applications and click on the deployed service.
  • Navigate to the Reconfigure tab, make changes and hit Finished

Tested this on version:

15.1

Updated Feb 08, 2022
Version 2.0
  • Hi Pete, Nice! Thanks for sharing. Maybe you can also make it possible to modify the priority setting, so you can give it a higher priority when multiple iRules are being used on the same virtual server.

  • Thanks for the suggestion Niels, I've done that. Maybe you can try it out and let me know.

  • Hi Juan, yes it can be applied without ASM. This is an iRule that is assigned to the virtual server directly. You can obviously do this via the ASM Attack Signatures as well, which would probably be more performant.