Open Redirection Mitigation
Hello, ASM has a feature to mitigate open redirection attacks when the redirect happens at the header level (i.e., with Location in the response). When the redirection is within the payload response, the ASM does not block it. Do you guys know about any ASM configuration that may address this issue and mitigate this kind of attack? Thanks. o.

Wildcard SSL Certificate Deployment on F5 LTM
We utilize F5 load balancer to generate CSR and implement Entrust SSL certificates across all subdomains within our infra. We're exploring the possibility of deploying a wildcard SSL certificate for a domain and its associated subdomains. LTM version is 14.1.5. If feasible, we seek guidance on the process of importing and deploying it within F5.

Cannot login to Avaya wanx using f5 apm network access
Hi, we are facing some issues related to APM network access. We cannot log in to our Avaya wanx IP phone communicator using network access, but we can ping the call server we are using, but still no luck on login. Is there something we need to adjust on the APM network access setup?

Can iRule be used to perform exception of IPI category based on Geolocation
Hi Everyone, Can we configure an iRule to perform an exception on a certain IPI category like "Spam Sources" based on Geolocation? For instance, I want to bypass the mitigation enforced on the "Spam Sources" IP intelligence category for "Nepal" - Geolocation specific because of the large false positives on this category. I found the iRules to enforce the mitigation based on the defined IPI category:

    when HTTP_REQUEST {
        # Look up the IP intelligence categories for the client address
        set ip_reputation_categories [IP::reputation [IP::client_addr]]
        set is_reject 0
        if {($ip_reputation_categories contains "Windows Exploits")} {
            set is_reject 1
        }
        if {($ip_reputation_categories contains "Web Attacks")} {
            set is_reject 1
        }
        # Log and answer with a rejection page when a listed category matched
        if {($is_reject)} {
            log local0. "Attempted access from malicious IP address [IP::client_addr] ($ip_reputation_categories), request was rejected"
            HTTP::respond 200 content "<HTML><HEAD><TITLE>Rejected Request</TITLE> </HEAD><BODY>The request was rejected. <BR> Attempted access from malicious IP address</BODY></HTML>"
        }
    }

https://techdocs.f5.com/en-us/bigip-15-0-0/big-ip-local-traffic-manager-implementations/enabling-ip-address-intelligence.html

iRule condition - request contains more than 10000 parameters
Hello, is it possible to create an iRule: "When request contains more than 10000 parameters then disable ASM policy at request time"? (Requests with more than 10000 parameters are dropped / hard reset by default when an ASM policy is used.)

help irules for compatibility
Please, can someone help me with the iRule below:

    when HTTP_REQUEST {
        log local0. "HTTP Method = [HTTP::method]"
        log local0. "HTTP URI = [HTTP::uri]"
        log local0. "HTTP Path = [HTTP::path]"
        log local0. "HTTP Query = [HTTP::query]"
        log local0. "HTTP Version = [HTTP::version]"
        log local0. "HTTP Host Header = [HTTP::host]"
        log local0. "HTTP User Agent Header = [HTTP::header value "user-agent"]"
        if { [HTTP::host] eq "pp.appro-cb.pmu.fr" }{
            pool POOL__PREPR
            SSL::disable serverside
            HTTP::header insert X-Forwarded-For [IP::remote_addr]
        } elseif { [HTTP::host] contains "lab.tech.zu" }{
            pool POOL_GITLAB
        } elseif { [HTTP::host] contains "nessus.tech.ai" }{
            pool POOL_NEXUS
        } elseif { [HTTP::host] contains "rai5.pp.ei" }{
            pool POOL_STP_RE5_appv1
        } elseif { [HTTP::host] contains "apicccc-tech.ai" }{
            pool POOL_APICMD_TST
        } elseif { [HTTP::host] contains "myhome-pp.pcc.ai"}{
            pool POOL_MYBET_PP
            HTTP::header insert Access-Control-Allow-Origin "[HTTP::header Origin]" \
            HTTP::header insert Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" \
            HTTP::header inster Access-Control-Expose-Header "Pmu-Session-Id" \
            HTTP::header insert Access-Control-Allow-Headers "Pmu-Session-Id,OTT,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,correlationId,emetteur,idDevice" \
            HTTP::header insert Access-Control-Allow-Credentials "true"
            return
        }
    }

http protocol compliance
Hello All, We experienced an issue with a specific end user only: when the user is accessing an application he is getting an error message. On the basis of the support ID we came to know it is an "http protocol compliance failed" violation on ASM. We are not able to find the exact feature in the http protocol compliance field which is blocking the user from accessing the site. As a workaround we have unchecked the block option of "http protocol compliance failed" in policy building > learning policies and things started working. Can anyone please share what to look for in the violation details to implement the recommended solution, as what we did is a workaround only and may not be the recommended fix. Rgds ***

Using okta as SSO to login F5 GUI
Hi All, Greetings..!! Currently we are using local user accounts in f5 to login. We have different users with different roles on f5. In our organization we are using okta for other apps authentication. Is it possible to have Okta for logging in to f5 with SSO? If yes, please share the article or guide with the required configurations. Thanks in Advance, K Kuzhali

Disk space full - what files, folders are safe to delete?
Hi, I've searched Dev Central for help with clearing disk space. I am happy to use bash as I have now figured out how to display files within the var/log directory and use the "rm" command to remove files. I can see the files within the var/log. I have read articles about maintaining disk space. I have deleted ucs, software images. These files are at ".1 or .2.gz" 0 or not even on any of the F5 var/log directories

    /dev/mapper/vg--db--vda-dat.log 2.9G 2.9G 0 100% /var/log
    /dev/mapper/vg--db--vda-dat.share 15G 5.4G 8.5G 39%

So far I have the above. What files are safe to delete from the /var/log or any other directories? Or can I delete file contents silently without affecting performance or service? What would be good bash commands to rm or clear files/folders?

Enterprise Security best practices with F5 WAF
When it comes to responsibilities of each layer in an enterprise (i.e. DMZ/WAF, application, SoR etc.), and provided F5 Advanced WAF is deployed on the DMZ, should other layers assume primary responsibility for mitigations supported out-of-the-box by F5 WAF? i.e. Provided that F5 WAF supports bot defense, should the layer below (application layer) as well be hardened to defend against bots by implementing features like fingerprinting, validating remote IPs based on HTTP headers etc.? Certain defense mechanisms - specifically in the case of bot defense - go beyond the expertise of typical application development, and having application developers harden their apps against bots will just add overhead IMO; however, one can still argue it's against defense in depth. What's the best practice and guideline F5 provides?