How to secure url on irule on F5?

locki
Nimbostratus

I need to secure one thing and I don't know how to do it correctly and properly.
We have this link on the website for the application: https://www.somewebsite.com/test/UI/Login?realm=external&goto=https://www.somewebsite.com/applicatio...
After user authentication they are redirected to the website in the link: https://www.somewebsite.com/application/security_check&locale=en&service=client

All works as it should... but there is one small security issue: when people in our organization get a phishing attack email asking them to change something in their account, with a different link in goto, something like this, and after login there is something asking them to fill in a credit card number, it is a problem...

https://www.somewebsite.com/test/UI/Login?realm=external&goto=https://www.somewebsite.com@www.hacker...

How to prevent this on the F5 and secure goto? Via some iRule and explicit links, or just block @ in the link?

4 REPLIES

Paulius
MVP

@locki I believe what you are looking for is dealing with URI::query, which you can read up more on at the following link.

https://clouddocs.f5.com/api/irules/URI__query.html

In addition I believe someone did something similar in the following link.

https://community.f5.com/t5/technical-forum/irule-to-block-uri-with-parameters-irrespective-of-uri-q...

Is the F5 working as your perimeter device and does it have WAF enabled on it? I think this situation might be better dealt with by using WAF rather than relying on a manually created and updated iRule to protect the entirety of your user base.
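One way to do the URI::query-based check suggested here, as an added example that is neither this thread's code nor F5's. It assumes the login path and host from the question, and that goto is only ever meant to send users back to www.somewebsite.com:

```tcl
# Added example, not code from this thread or from F5. Assumes the login
# entry point from the question (/test/UI/Login) and that the only
# legitimate redirect target is https://www.somewebsite.com/...
when HTTP_REQUEST {
    # Only inspect the login entry point; every other request passes untouched.
    if { [string tolower [HTTP::path]] ne "/test/ui/login" } { return }

    # Extract and URL-decode the goto parameter; URI::query returns "" if absent.
    set goto [URI::decode [URI::query [HTTP::uri] goto]]
    if { $goto eq "" } { return }

    # Parse the authority: everything between "https://" and the first "/", "?" or "#".
    # Relative paths, "//host" forms and non-https schemes fail this regexp outright.
    set reason ""
    if { ![regexp -nocase {^https://([^/?#]*)(?:[/?#].*)?$} $goto -> authority] } {
        set reason "goto is not an absolute https URL"
    } elseif { [string first "@" $authority] != -1 } {
        # "https://www.somewebsite.com@evil.example": the part before "@" is
        # userinfo, the real host is what follows it.
        set reason "goto authority contains userinfo"
    } elseif { [string tolower $authority] ne "www.somewebsite.com" } {
        # Exact host match: a different host, a port suffix or a lookalike
        # such as www.somewebsite.com.evil.example all land here.
        set reason "goto host is not on the allowlist"
    }

    if { $reason ne "" } {
        log local0. "Blocked redirect from [IP::client_addr]: $reason (goto=$goto)"
        HTTP::respond 403 content "Invalid redirect target" "Content-Type" "text/plain"
    }
}
```

The legitimate link from the question passes through unchanged, while the https://www.somewebsite.com@... form is answered with a 403 and a log line naming the client and the reason.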

There is ASM on the box; on the perimeter is the FW, then the F5. I also think there must be a better solution than some iRule...

@locki I defer to @Daniel_Wolf comment which is a great option that seems like it would work for you.

Hi @locki,

It seems your app is vulnerable to open redirects. Take a look at the following links to learn more:

Can be fixed with ASM (BIG-IP v16.1): MyF5 > BIG-IP Application Security Manager: Implementations > Mitigating Open Redirects
IMHO it should be fixed in the app code by your developers.

KR
Daniel