Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

blocking ZAP tool

kaoutar
Cirrus
Cirrus

‎12-Apr-2023 04:36

Hi All,

we noticed recently that some attackers use the ZAP tool to scan our web apps and most of those requests generate some issues, we tried to block these requests using attack signature based on string contains ZAP but it didn't match, so could you please suggest me another way to block these requests.

thank you

Labels:
0 Kudos
5 REPLIES 5

Paulius
MVP
MVP

‎12-Apr-2023 05:50

@kaoutar If you can figure out an HTTP header that is always added for this tool you can block it by searching the HTTP header value and if located the connection is dropped.

0 Kudos

kaoutar
Cirrus
Cirrus
In response to Paulius

‎12-Apr-2023 06:04

Thank you @Paulius, Unfortunately the matching key exists only on the payload of the Post request, nothing unusual in the URI or the header

0 Kudos

CA_Valli
MVP
MVP
In response to kaoutar

‎12-Apr-2023 06:29

Is the key static? Intercepting payload content is possible with irules 

0 Kudos

kaoutar
Cirrus
Cirrus
In response to CA_Valli

‎12-Apr-2023 07:08

Yes, it's a static key

0 Kudos

Paulius
MVP
MVP
In response to kaoutar

‎12-Apr-2023 07:19

@kaoutar You might be able to use the following link to gather this information and then block it.

https://my.f5.com/manage/s/article/K07535385

0 Kudos
Copyright © 2023 Khoros, LLC