cancel
Showing results for 
Search instead for 
Did you mean: 

How to prevent from server side template injection attack through ASM Policies?

Karthik_Guna
Nimbostratus
Nimbostratus

Hello All,

 

Recently, we have observed the server side template injection attack, but not detected with any of ASM signatures.

 

{{_self.env.registerUndefinedFilterCallback("exec")}}{{_self.env.getFilter("id")}}

 

Could you, Please provide your suggestion to protection from this kind of attack

 

Regards,

1 REPLY 1

Simon_Blakely
F5 Employee
F5 Employee

You will need to write a custom ASM Signature

 

AskF5 | Manual Chapter: Writing Custom Attack Signatures