blocking ZAP tool

Question

Hi All,we noticed recently that some attackers use the ZAP tool to scan our web apps and most of those requests generate some issues, we tried to block these requests using attack signature based on string contains ZAP but it didn't match, so could you please suggest me another way to block these requests.thank you

paulius · Answer

kaoutar If you can figure out an HTTP header that is always added for this tool you can block it by searching the HTTP header value and if located the connection is dropped.

kaoutar · Answer

Thank you Paulius, Unfortunately the matching key exists only on the payload of the Post request, nothing unusual in the URI or the header

ca_valli · Answer

Is the key static? Intercepting payload content is possible with irules&nbsp;

kaoutar · Answer

Yes, it's a static key

paulius · Answer

kaoutar You might be able to use the following link to gather this information and then block it.
https://my.f5.com/manage/s/article/K07535385

Forum Discussion

blocking ZAP tool

5 Replies

Recent Discussions

Web acceleration

What are the different phases in DevOps?

Create a CSR and Key using the BigIP LTM GUI when renewing a certificate

F5 Rseries HA

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Related Content

Anonymous DDOS Tools 2016

Ubuntu Vuln, Magika Tool, Chrome's Defense Feature, & CVE 2023-50387

Chameleon Malware, Ransomware Decryption Tool Dec 18-24, 2023 - F5 SIRT - This Week in Security

Sharpening Your Tools: Advent of Code with iRules

asmevents tool to retrieve events from an ASM device