Technical Forum
Ask questions. Discover Answers.
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner

How does F5 Protect from Token Theft


We currently use F5 to establish secure connections to our remote desktop sessions for remote users. These users are using their personal machines so we dont provide any additional NextGen AV protection

Token stealing / Token Theft / Cookie session stealing to bypass MFA is a concern. An attacker can reply a token and byass MFA. How does F5's protect users from Token theft? 


you may find this useful :

I am sorry I am not expert with APM module , but if you provision it , I think this Article will be useful for you.

Mohamed Kansoh


Which functions / modules are you using?
APM and AWAF could possibly be used to look for more than cookies.
So cookies and say orginating IP. So if the IP changes it might have been hijacked.

But if someone is on a mobile connection which could have its IP changed mid-session this may course other issues.

If you're using APM - you could look at client cert verification, or the agent to try to be more comfortable that your connection isn't hijackable.


Does the F5 Big IP have the ability to enable Session Quotas? 


Limit the number of active sessions a user can have simultaneously. If token theft occurred the previous session would time out, causing the user to alert

Things like that are possible, as asked before, which modules are you using? This helps giving hints of where to look for the functionality.