Need a Benchmark documents for F5 Advanced WAF or Big-IP or etc.
Hi All There are many other security product OEMs also provide Benchmark documents to configure their products to get maximum security or maximum utilization which leads to maximum profit for the user. My query is, does F5 provide Benchmark documents for their product like Advanced WAF or Big-IP etc.". If yes, can anyone give me the link where I can check or download to use those?
ASM/WAF policy - Parameter value type was determined to be "XML value" but really it is "HTML"
Hi, hoping someone can help with this issue. F5 WAF suggested that the parameter "text" should be "XML value". I agreed and and I'm using the default XML content profile. However the actual value looks like HTML code to me, which is not an option anywhere AFAIK. Mostly there are no issues, except for some special situations likethis particular request that contains "(" and ")" characters in the value. As a result I'm getting an error: XML Buffer ( Description Malformed document Illegal data between tags Context Parameter Location Form Data Parameter Level Global Parameter Name text Parameter Value *************** The request looks very similar to the one below: POST /aaa/bbb HTTP/1.1 Host: aaa.bbb.org Connection: keep-alive Content-Length: 00000 sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="101", "Google Chrome";v="101" Accept: */* Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://aaa.bbb.org Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://aaa.bbb.org Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: ************ X-Forwarded-For: 1.1.1.1 text=<b>aaa+aa.+11111+aa+aaaaaaa+111+1111+</b>(<a+href="https://www.ccc.org/ddd/111/ppp.pdf">aaaa11.222</a>+-+oooooooooo)+(eeeeeeeee+jjjjjjjjjj+1,+2222) &input_format=full_html&token=xxxxxxxxxxxx Is there any way to tweak the XML content profile to make this work, or should I switch the parameter to user-input/alphanumericand add the HTML meta characters as allowed?Are the Bot protection "Browser Verification" and the DDOS "Client Side Integrity Defense" the same?
I recently needed to configure some Advanced WAF/ASM Bot defense profile and DDOS profile and I saw the two features "Client Side Integrity Defense" and the DDOS "Browser Verification". I knew them but I started asking myself are they the same feature but with the DDOS profile only after the DDOS threesholds being reached then this feature is activated and for the F5 Bot profile this feature if enabled always checks the web browsers if they support javascript. Basically if I enable Bot protection "Browser Verification" do I need at all to enable the DDOS "Client Side Integrity Defense" feature? Also with the DDOS "Client Side Integrity Defense" feature is the javascript inserted Before Access or After Access?Can the F5 Advanced WAF protect the JWT token in an HTTP authorization header?
Hello, Can the F5 Advanced WAF protect the JWT token in an HTTP authorization header? My idea is that the F5 can monitor a cookie or parameter from tampering but what about if the a JWT token is used and the client changes the HTTP header with another value that is not a web attack but another stolen JWT token.
