For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Community Highlights, Week 42, '22

Here's a quick list of the past week's security content before I call out individual user posts below:

Lior_Rotkovitch wrote up Software management, the seasonal return of DDoS - F5 SIRT- This Week in Security: 10/9 - 10/15
Greg_Coward shared How I did it - "Configuring remote logging for F5 Distributed Cloud Services"
AaronJB answered a common question in Certifications for security professionals
JRahm takes us through My Security+ Certification Journey
Shubham_Mishra published Mitigating OWASP API Sec Top 10 API7:2019 Security Misconfiguration using F5 Distributed Cloud WAAP
Adam_Schumacher tells us about NGINX for Azure: Azure Key Vault

We've got a new Scary Hack Stories! over on the DevCentral YouTube channel

Scary Hack Stories: The DEVIL in the XFF !!

Forum post highlights:

@augustobd asked and answered their own question about how to use multiple SSL Profile Client in Virtual Server
Pablosky wanted to know how to see the all certificates assigned to virtual servers on cli, and mihaic came through with the answer
tub91 needed some clarification about clarification regarding client authentication via certificate, and Manuel_ recognized the issue and pointed tub91 to their old post with the solution

Unanswered questions:

@SanjayP still wants to know about All attack signatures vs server/application specific ASM attack signatures
luevelvet wants to enable logging of binary execution or cli history
escman needs help with a tcp/http payload irule

Notable solutions:

reesek wrote and shared Perform out-of-place upgrade of vCMP guests via Ansible in the CrowdSRC tab
CA_Valli replied to Muhannad's question about how to rewrite the HTTP request toward the server side

Notable users (excluding F5 employees):

Most kudoed authors:

Gave the most kudos:

Top kudoed post:

Lior_Rotkovitch's article A Day in the Life of a Security Engineer from Tel Aviv got the most kudos, and if you haven't read it yet, click the link to find out why
reesek's CrowdSRC article Perform out-of-place upgrade of vCMP guests via Ansible tied with
field_bad_service's post SSL PROFILE - How to use multiple SSL Profile Client in Virtual Server

Tip of the week:

This Highlights post covered week 42 for the year... don't forget your towel (and thanks for all the fish)!

Published Oct 25, 2022

Version 1.0

Leslie_Hubertus

Ret. Employee

Cat-herder extraordinaire who is passionate about connecting community.

2 Comments

LiefZimmerman
Admin
Oct 25, 2022
Congrats Deena on all those kudos!
Looks like you struck a nerve with those questions about F5 Lingo and Migrating to F5. 🙂

I guess that means we have some work to do in explaining what F5 is, as a solution more broadly!
JP-Patches
Nimbostratus
Oct 25, 2022
"For a moment, nothing happened. Then, after a second or so, nothing continued to happen."
hah - the 42 reference - took me a bit to catch that.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)