hope you all are doing great.
Regarding recent vulnerability (K19026212), it seems F5 module’s are not vulnerable to it but in a way to protect to Backend server we can apply suggested iRule. So my question is do i need to bind this irule in all LB VIPs (from application perspective) or only those VIPs which are in front of APACHE. 2) will there be any negative impact on vip post binding irule ? 3) what exactly this irule is doing ?
For any security related issue, you should really open a support case and receive official advice from the security team. I post here with an F5 badge, but I am not a member of the SRT team and this should not be considered an official F5 security response.
1) only in front of APACE is fine
2) nothing is life is free, especially security! it takes time and CPU to execute irules and memory to store variables. the amount is likely trivial for most people, but what is trivial or not will differ depending on your needs
3) it scans the contents of the HTTP request for known attack signature patterns and drops the request if a match is found