ASM Advanced WAF
3173 TopicsHow to disable weak cipher from Client SSL Profile
Hi, We have disabled few ciphers and we have rating "A" in qualys ssl checker portal. We have a requirement to disable weak ciphers as well. Could some one advice how to disable weak ciphers. Please find the attachment for reference. ThanksSolved11KViews1like25CommentsThe requested URL was rejected Please consult with your administrator
Hi, We are getting "The requested URL was rejected Please consult with your administrator" when application is kept idle for sometime. Request RejectedThe requested URL was rejected. Please consult with your administrator. Your support ID is: << identifier>> Please help us what can be the issue here? is it related to F5 or any other? Thanks.7.8KViews0likes5CommentsX-FORWARDED header in WAF
Because the WAF do SSL Termination before forwarding the request to load balancer, the load balancer will see a request as coming from WAF not client ex WAF IP , so is it possible to add X-FORWARDED in WAF so that the request will reach load balancer with client IP /port etc? Is this techniques risky? and will have any bad effect ? or normal behavior ?Solved6KViews0likes14CommentsiRule to Remove Duplicate Header by Value
Via iRule, trying to remove duplicateStrict-Transport-Securityheaders (developers are unable to), the below code does not seem to work. when HTTP_REQUEST { foreach a_header [HTTP::header "Strict-Transport-Security"] { if {[HTTP::header $a_header] eq "max-age=2592000"}{ HTTP::header remove $a_header } } } The below seems to work but gets rid ofStrict-Transport-Securityas a whole, which I do not want to do: when HTTP_RESPONSE { foreach header {Strict-Transport-Security} { HTTP::header remove "Strict-Transport-Security" HTTP::header remove "max-age=2592000" } }Solved5.4KViews0likes2CommentsURI to lower case LTM irule issue
Hi Team, I have a challenge to redirect all uri into lower case. I am able to redirect the URL to lower case but if i type in e.g myweb.net/fR/PAges/DEfauLT.aspx etc it does not redirect to lower case e.g myweb.net/fr/pages/default.aspx. I am trying my best but not sure where actually issue lies. Your help is very much appreciated. when HTTP_REQUEST { STREAM::disable HTTP::path [string tolower [HTTP::path]] if { [string tolower [HTTP::path]] equals "/" } { if { [HTTP::header "Accept-Language"] starts_with "fr" } { HTTP::respond 301 -nocase "Location" "https://www.myweb.net/fr/pages/default.aspx" Strict-Transport-Security "max-age=300 } elseif { [HTTP::header "Accept-Language"] starts_with "en" } { HTTP::respond 301 -nocase "Location" "; Strict-Transport-Security "max-age=300" } } elseif { [string tolower [HTTP::path]] equals "/autodiscover/autodiscover.xml" } { HTTP::respond 301 "Location" "https://autodiscover.myweb.net/autodiscover/autodiscover.xml" HTTP::redirect "http://[HTTP::host][string tolower [HTTP::path]][HTTP::query]" } elseif { [string tolower [HTTP::host]] contains "blog.myweb.net" }{ HTTP::respond 301 noserver "Location" "https://www.myweb.net/en/tech/pages/default.aspx" } elseif { [string tolower [HTTP::host]] contains "techpage.myweb.net" }{ HTTP::respond 301 noserver "Location" "https://www.myweb.net/en/tech/Pages/techpage.aspx" } } when HTTP_RESPONSE { HTTP::header remove SPRequestGuid set cookies [HTTP::cookie names] foreach aCookie $cookies { HTTP::cookie secure $aCookie enable } if { [HTTP::header exists Location] } { HTTP::header remove Server HTTP::header replace Location [string map {"http://" "https://"} [string tolower [HTTP::header Location]]] } if { [HTTP::header Content-Type] contains "text" } { STREAM::expression { @http://s5.mywebnet.net@https://s5.mywebnet.net@ } STREAM::enable } }4.7KViews0likes12CommentsRemove the "Server" header
Hi Guys, I have below irule created into LTM and enabled for virtual servers. but I need to remove the "Server" header. Device version: BIG-IP 14.1.2.6 when HTTP_RESPONSE { # Remove all instances of the Server header HTTP::header remove Server # Remove all headers starting with x- or server foreach header_name [HTTP::header names] { if { $header_name starts_with "x-" or $header_name starts_with "X-"} { if { [class match $header_name equals asm_remove_server_response_dg] } { HTTP::header remove $header_name } } } } Can you guys please help to create request header irule for VS ?Solved4.7KViews0likes10CommentsOTP Flood Attack mitigation
We have application which is sitting behind our F5 WAF, where application receiving high voulme of OTP request on server to generate OTP SMS by attacker. People receiving unwanted OTP message on their mobile. I have configured an iRule which limiting the request in 3 request in 5 min max and it is working. but attacker using different ISP ip to flood the OTP request. Can someone please assist here, how to mitigate such attack with help of F5 WAF policy.4.5KViews0likes9Commentserr_http2_protocol_error
One of my client getting subjected error(err_http2_protocol_error) intermittently but When I surfed on internet and I see like this error most related chrome browser. But I couldn't find any F5 article to confirm. Can anyone help me to figure out is this related to BIGIP and Chrome issue ? Or something else I need to check this further in BIGIP side ? Thanks in advance!4.3KViews0likes8CommentsTSPD and Javascript Challenge
Hi DevCentral community! I have a problem with the ASM and Javascript challenge, let me explain you what is happening, what is configured and what I searched :) 1) - I have configured an ASM Policy, on V12.1.2, where DoS protection is disabled, CSRF Protection is disabled and Web Scraping is disabled (this is not decided by me, it's a money thing between boss-client). 2) - Since the ASM was enabled in blocking mode, after 21 days of learning period, a pop-up appears when users try to edit Documents from SharePoint: The URL is https://XXX/TSPD/..... 3) - I read the Proactive Bot defense Guide and the Web Scraping Bot Detetion article also, I 've searched on DevCentral for similar problems Even I read this I'm not sure 100% sure why is happening this issue. Seems, per this question that even if everything is off, challenge can be set. I'm not sure how to solve it, this is what I understood that I have to do: Whiteliste on a LTM policy the resource path (disable the ASM) Whitelist on a LTM policy /TSPD/ and /TSbd/ path (disable the ASM) Check that javascript is enabled on the Browser Disable the caching of dynamic pages by injecting 'Cache-Control: no-cache' Thanks for your time and your help! Regards3.9KViews0likes2CommentsASM issue, need to return HTTP 500 to client in certain cases
I've written a script that captures the "Content-Type" header from requests. In the event that ASM blocks the request, I need to respond to the client with one of three types of responses (I'm using the ASM_REQUEST_BLOCKING event): If Content-Type = text/xml then send back a SOAP error with HTTP 200 If Content-Type = application/json then return HTTP 500 All others return the default ASM response with HTTP 200. Cases 1 & 3 are handled, but I can't figure out how to force an HTTP 500 status to be returned to the client. HTTP_RESPONSE doesn't fire when ASM blocks. Thanks for your advice.Solved3.8KViews0likes6Comments