What does session_id = 0 means in ASM session tracking?
We have an ASM policy with session tracking enabled and working fine and we noticed that several ASM logs hace a session_id equals to 0. We suspected some botnet source but we don't know what it's the meaning of that zero value. How is usually got a value this parameter and why is set to zero in those cases?F5 ASM: Capability to Block Threat Caused by Outdated jQuery
Hi Team, We have public facing website that currently running on outdated jQuery version behind the ASM. The question is whether ASM have capabilities to block any threat due to the uses of the outdated jQuery? Please help to provide an update on this query at the earliest. Thanks in advance.[ASM] : SQL-INJ "end-quote UNION" - How to allow this signature to specific url/uri/parameter only
Hi Team , can someone explain me the attack type - end-quote UNION and the solution to allow this signature to specific url/uri/parameter only. Attack Type : SQL-Injection Detected Keyword : ,\"Valore\":\"UNION-GLASS0x20S.R.L.\"},{\&quo Attack Signature : SQL-INJ "end-quote UNION" (Parameter) Context : Parameter (detected in Form Data) Parameter Level : Global Parameter Value : \"ArrayValori\":null
Exced Timeout in Event Logs WAF
I have a issue with a customer WAF, in the Event Logs, it shows me an error in the "triggered violation (I attached a screenshot).", & the request show the status: ilegal. we modify the maximun limitation of 500 to 1000, with recommend F5 docs, and a traffic test was carried out again and the request status is: legal, but the registration of this traffic in Event Logs took a time of 3 minutos, wich is too much. Some recommendation with how resolve? Greetings Friends :),
How to Integrate F5 Anti-Virus with Fortisandbox using ICAP
Helo! i have a question is there possible if i integrate Anti-Virus on F5 with Fortisandbox? Because, i will create an feature on web application for uploading file with xlsx and pdf format. I want to send the file for scanning on fortisandbox before pass to the server. ive read some article https://my.f5.com/manage/s/article/K70941653 but i still wondering, is it possible or not? thank you.How i can apply fast 700 ASM policies?
how can i do to quickly apply 700 asm poltiics with changes, in the old days you could give an option to apply all. how can i do it now? i have a bash script to do it by curls, but it is one by one of the poltiics. Is it possible to do them all at the same time? thanks
ASM Attack Signatures "Ready to be Enforced" change with iControl Rest API v17.1.x
Hi, Did anyone found out yet how to change the attack signatures that are "Ready to be Enforced" in v17.1.x can be change to "enforced" true Rest API ?? i'm trying to using this url: https://localhost/mgmt/tm/asm/policies/[policy-id]/signatures?ver=17.1.2 i can change all staging ones but but find to combination with "Ready to be Enforced" items. in K94215981 the talk about the attributes "hasSuggestions, "wasUpdatedWithinEnforcementReadinessPeriod" but it looks like the dont exist anymore in v17.1.x Any help is welcome. GIU -> Security > Policies > Policy List > (policy name) > Attack Signatures menu, and filter Status: Ready to be enforced.F5 ASM API-Protection Policy
Hello F5 Community, Apology if my question looks stupid since iam new to F5. Recently our application starting a project which is communication between our clients and our application through API and for me as f5 administrator its my rule to protect this API communication and as i looked up in the Application Security API template there is a section which ask for the swagger file and when i asked our application team their respond was (we have 3 API endpoints so we have 3 swagger files and not one) and right now iam looking forward to check whats the best design and to how handle this request or whats the best scenario to create and deploy this policy. Is it one of below: -Asking application team to merge these swagger files and provide it to me ?which they initially respond that they can not do that and this is risky. -Creating 3 Application policy and attach it to the same virtual server (if possible)? WE are using on-primes BIG-IP. Please let me know of your thoughts and let me if you prefer additional solution over this. Thanks. Regards,
Is XFF a must for ASM WAF DoS
In this article it is mentioned that you must configure "Accept XFF" in HTTP profile in order to use DOS or Bot protection. https://my.f5.com/manage/s/article/K000133493 "HTTP profile is required also and have XFF enabled is the minimum setting needed" On the other hand in this article it says https://my.f5.com/manage/s/article/K36452759 "If the setting "Accept XFF" is not enabled in the HTTP profile associated with the virtual server using bot or DoS, then the source IP of the traffic as it arrives to the BIG-IP will be used instead." "Note: Ensure this header name is inserted by a trusted source. If you do not trust the header showing the original client IP it may be maliciously altered." "XFF, or equivalent client IP headers, must be configured to be trusted in the HTTP profile for use with Bot Defense and Application DoS profiles" This creates some confusion It is unclear whether XFF is a mandatory. Is it? If there is no trusted proxy in front of F5 and the the actual source IP (as it arrives at F5) is the public source IP, which is the relevant IP to us, does "Accept XFF" still need to be configured? Thank youHow to check the disabled rules in ASM Policy
Hi Experts , We would like to know the allowed/disbale url or Parameters configured for the Specific ASM policy . Example: www.example.com is the url for which I would like to know the rules applied . How can I check this? Any way I can pull the detailed configuration of ASM Policy from cli ?
