vulnerabilities
2 Topics

Vulnerabilities on Configuration utility login page.

Hi everyone,

I've performed pen-testing and found vulnerabilities on the Configuration utility login page like this:

1.) Detect that F5 BIG-IP web management interface is running on this port. (Not sure if it's due to header F5-Login-Page: true, or not.)
2.) HTTP packet inspection. It shows the HTTP protocol version used and whether HTTP Keep-Alive and HTTP pipelining are enabled, from the Configuration utility login page.

Can we mitigate these two issues?

P.S. About (1), I think it's due to the header F5-Login-Page but didn't know how to remove this header. About (2), not sure how to fix this. Might have to perform packet filter IP on httpd services.

Thank you

378 Views, 0 likes, 1 Comment

Can the F5 Mitigate the HTTP/2 vulnerabilities?

Hi,

We are considering implementing HTTP/2 in our environment at the moment. In August a number of DoS vulnerabilities were identified in HTTP/2. If we make the change for HTTP/2 on the F5, does the F5 do anything to mitigate the risk?

https://nakedsecurity.sophos.com/2019/08/19/netflix-finds-multiple-http2-dos-flaws/

Are there ASM signatures that protect against these issues? If so, what about protection on APM if we add HTTP/2 there? Any information would be appreciated.

376 Views, 0 likes, 0 Comments