Open redirect mitigation
Hi all, I'm new to F5 and probably this is a very basic question. I'd like to know your advice on mitigating an open redirect vulnerability, such as http://www.vulnerable.com/redirect.asp?=http://www.evil.com. I want to allow the redirection but with an informational message which the user has to accept, like "You are going to be redirected...". What do you think is the best way to do it? I guess it's possible to do it using iRules (only LTM) but I'd also like to know the options using ASM. Thanks in advance.
Solved | 2K views | 0 likes | 5 comments

Open Redirection Mitigation
Hello, ASM has a feature to mitigate open redirection attacks when the redirect happens at the header level (i.e., with Location in the response). When the redirection is within the response payload, the ASM does not block it. Do you guys know about any ASM configuration that may address this issue and mitigate this kind of attack? Thanks. o.
Solved | 99 views | 0 likes | 6 comments