Apache Log4j2 (CVE-2021-44228) mitigation iApp
Problem this snippet solves:
There is a CVE released related to Apache log4j, which could be a vulnerability on a server located behind the BIG-IP.
F5 SIRT have helpfully created an iRule to mitigate this vulnerability, this is an iApp to simplify creation and management of the iRule.
How to use this snippet:
Install the iApp Template
- Download and unpack the archive
- Login to BIG-IP TMUI and navigate to iApps>Templates
- Hit Import button, select the template and hit Upload
Create an iRule instance
- Navigate to iApps>Application Services>Applications
- Hit Create button, enter a relevant Name and select the log4j2_mitigation template
- Set the Debug Level ( Off, Attack or Debug ). Off = no logs, Attack = logs in the case of an attack detected, Debug = more detailed logs
- Hit Finished - iRule should be created
Assign iRule to virtual server
- Navigate to LTM>Virtual Servers.
- Click on the Virtual Server, navigate to Resources tab
- Click Manage button under iRules section, add iRule. Note the Virtual Server must have an assigned http profile for this iRule, otherwise it will throw an error.
Manage iRule
- If you have issues with the iRule or want to modify logs, navigate to iApps>Application Services>Applications and click on the deployed service.
- Navigate to the Reconfigure tab, make changes and hit Finished
Tested this on version:
15.1
Updated Feb 08, 2022
Version 2.0
