Technical Forum
Ask questions. Discover Answers.
Showing results for 
Search instead for 
Did you mean: 

How to secure url on irule on F5?


I need secure one think and i dont know how to do it correctly and properly.
We have this link on website for aplication:
After user authentication they are redirected to website in the link:

All works like should be... beut there is one small secure issue, when peoples in our organization get phishing attack email to change something in their account with different link in goto something like this and after login there is something for fill credit card numer it is problem...

How to prevent this on F5 to secure goto? Via some irule and explicit links, or just block @ in link?



@locki I believe what you are looking for is dealing with URI::query which you can read up more at the following link.

In addition I believe someone did something similar in the following link.

Is the F5 working as your perimeter device and does it have WAF enabled on it? I think this situation might be better dealt with by using WAF rather than relying on a manually created and updated iRule to protect the entirety of your user base.

There is ASM on the box, on perimeter is FW then F5, I also think there must be better solution then some irule...

@locki I defer to @Daniel_Wolf comment which is a great option that seems like it would work for you.

Hi @locki,

seems your app is vulnerable to open redirects. Take a look at the following links to learn more:

Can be fixed with ASM (BIG-IP v16.1): MyF5 > BIG-IP Application Security Manager: Implementations > Mitigating Open Redirects  
IMHO it should be fixed in the app code by your developers.