Apache Log4j2 (CVE-2021-44228) mitigation iApp
Problem this snippet solves: There is a CVE released related to Apache log4j, which could be a vulnerability on a server located behind the BIG-IP. F5 SIRT have helpfully created an iRule to mitigate this vulnerability, this is an iApp to simplify creation and management of the iRule. How to use this snippet: Install the iApp Template Download and unpack the archive Login to BIG-IP TMUI and navigate to iApps>Templates Hit Import button, select the template and hit Upload Create an iRule instance Navigate to iApps>Application Services>Applications Hit Create button, enter a relevant Name and select the log4j2_mitigation template Set the Debug Level ( Off, Attack or Debug ). Off = no logs, Attack = logs in the case of an attack detected, Debug = more detailed logs Hit Finished - iRule should be created Assign iRule to virtual server Navigate to LTM>Virtual Servers. Click on the Virtual Server, navigate to Resources tab Click Manage button under iRules section, add iRule. Note the Virtual Server must have an assigned http profile for this iRule, otherwise it will throw an error. Manage iRule If you have issues with the iRule or want to modify logs, navigate to iApps>Application Services>Applications and click on the deployed service. Navigate to the Reconfigure tab, make changes and hit Finished Tested this on version: 15.1
