Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

anti-defacement

Amit585731
Nimbostratus
Nimbostratus

‎12-Mar-2019 03:00

Hi,

 

We are comparing ASM with Fortiweb and Secure sphere and wanted to understand if ASM or AWAF can support anti defacement? I couldn't find any article on F5.

 

Thank You for help.

 

Labels:
0 Kudos
5 REPLIES 5

samstep
Cirrocumulus
Cirrocumulus

‎18-Mar-2019 03:54

defacement attacks are usually executed by exploiting either Cross-Site Scripting (XSS) or Remote Code Execution (RCE) attacks - both can be detected and blocked by ASM. In other words - in order to deface a website the hackers first have to exploit a vulnerability hack into your web application / web server and replace the website contents in CMS or upload and change files on the webserver.

 

Fortiweb offering a specific anti-defacement services by monitoring the contents of the website - this is not really practical for many modern web applications as the website content changes all the time, however in ASM you can use Data Guard to monitor data leakage for specific keywords to achieve extra monitoring and blocking for defacement (provided hackers manage to break into your website protected by F5 ASM WAF)

 

James_Rey
Nimbostratus
Nimbostratus

‎07-Oct-2019 21:55

Hi Samstep,

 

Basically their Anti Web Defacement prevents all changes from Web servers either it is from a trusted(Developers) or untrusted. If someone changes it, Fortiweb have a backup of all files in the folder it is protecting and restore it the original state. If a developer needs to change or update the webserver, Fortiweb can allow changes for specific timeframe and blocks it again when it expires.

 

I believe F5 doesn’t have this kind of feature, but I think we should focus on what AntiWeb Defacement of Fortiweb resolves and what is the equivalent process of F5 to achieve the same goal. Can you suggest what can be our approach on this?

 

0 Kudos

Akhtar
Nimbostratus
Nimbostratus

‎11-Feb-2020 06:25

Hi,

 

You may get hash of each individual landing pages and apply iRule something like following to see if the page in response has the same hash before sending it over to the client.

 

 

var HASH = hash of the original page

 

 

when HTTP_RESPONSE {

if {[class match [b64encode [CRYPTO::hash -alg sha384 [HTTP::header]]] equals HASH ]}

{

 

   }

else

HTTP::collect

reject

}

 

 

0 Kudos

Tai_PhamMinh
Nimbostratus
Nimbostratus
In response to Akhtar

‎05-Apr-2022 00:19

Hello, 

I see this solution not same with anti-defacement feature on FortiWeb.

You can research on this link: Anti-defacement (fortinet.com)

If we use the HASH, this case only protect web page when send it to the client. But this feature to protect web page content on the server.

Thanks,

0 Kudos

Nikoolayy1
MVP
MVP
In response to Tai_PhamMinh

‎17-Jul-2023 07:44

Definitely it has to be tested if this feature works as most advanced features on forti products are just there to look cool but have bugs that may never be resolved.

0 Kudos
Copyright © 2023 Khoros, LLC