WAF for APM Oauth Authorization VS
Hi, We are testing the using of F5 as a OAuth Authorization Server and also a Resource Server. We have a WAF policy attached the VS representing of the Resource Server, which has an IIS server behind it. Since VS of the Auth Server will only utilize APM capabilities and won't actually have any application/web server behind it, I'm wondering if it's advised to add a WAF policy for this VS. I was told it's not necessary but I find it odd, since attackers can still try to attack the F5 itself. Any thoughts?Solved173Views0likes7CommentsHA Configuration (One in primary and One in DR)
Hi folks, I currently have HA pair (active/passive) in a primary data center and we are bringing up a DR. wondering can I split up the HA pair (One in primary and One in DR) and continue to have HA with utilizing different subnets? We are using multiple IPSEC tunnels to connect the sites so we are still working on whether we can extend subnets but if we can't I wanted to ask if different subnets are possible. Thank you any info is appreciated41Views0likes4CommentsASM Sync Between 2 Data Centers
Hi Folks, Any one tried to sync ASM configuration between 2 data centers successfully? my current scenario is, i have HA pair (active/passive) in data center A and another HA pair (active/passive) in data center B and need to sync the the ASM configuration between the 2 data centers.Solved107Views0likes10CommentsBig-IP ASM automatically removes my hostname
, but I don't see the violation reaching the threshold of 100. Hello everyone, Recently, my service has encountered an issue. In the evening, while everything was running normally, I received a block warning from ASM. Upon checking, I found that my hostname was automatically removed from the policy by ASM. I am using fully automatic as per this link: https://my.f5.com/manage/s/article/K000134503. However, the problem is that when I checked for violations, I did not see any violations related to violations="Illegal host name." So, why did it reach the threshold of 100 and remove my hostname? Could this be a bug? I checked that there were no accept suggestions at that time, only violations="Illegal repeated parameter name," which I do not think is the issue. Thank you.144Views1like11CommentsBypass "Bad unescape" in Body POST (ASM, POST, JSON)
Here the Block. As you can see is "%" is detected without encoding meaning. This is normal since the "%" is in the Body of the post as JSON data (see below) Of course if I disable the "Bad unescape" in " Learning and Blocking Settings" it works, but my Goal is to bypass using rule on parameter or similar, till now without success. Does anyone have a solution ? ======= JSON on POST Dody Request =======================69Views0likes11CommentsNot able to change virtual server traffic group from traffic-group-local-only to traffic-group-1
We have two LTM device in which i observe one virtual server is missing in secondary device. I checked the virtual server configuration in primary that virtual server configure in traffic group from traffic-group-local-only now i am changing the traffic group but it is not changing. Is there any way to change it?Solved53Views0likes1Comment[ASM] - content type : x-www-form-urlencoded ?
Hello Experts , what does content type : x-www-form-urlencoded means and also what is Parameter name sys06 ? Attack Signature ID 200002145 Name : SQL-INJ expressions like "having 1=1" (Parameter) Context Parameter (detected in Form Data) Parameter Level : Global Actual Parameter : Name : sys0624Views0likes0Comments