iRule condition - request contains more than 10000 parameters
Hello, is it possible to create an iRule: "When request contains more than 10000 parameters then disable ASM policy at request time" (Requests with more than 10000 parameters are dropped / hard reset in default when ASM policy is used.)58Views0likes2CommentsDeploy WAF on any Edge with F5 Distributed Cloud (SaaS Console, Automation)
F5 XC WAAP/WAF presents a clear advantage over classical WAAP/WAFs in that it can be deployed on a variety of environments without loss of functionality. In this first article of a series, we present an overview of the main deployment options for XC WAAP while follow-on articles will dive deeper into the details of the deployment procedures.5.3KViews9likes0CommentsEnterprise Security best practices with F5 WAF
When it comes to responsibilities of each layer in an enterprise (i.e. DMZ/ WAF, application, SoR etc), and provided F5 Advanced WAF is deployed on the DMZ, should other layers assume primary responsibility of mitigations supported out-of-the-box by F5 WAF. i.e. Provided that F5 WAF supports bot defense, should the the layer below (application layer) as well be hardened to defend against bots by implementing features like fingerprinting, validating remote IPs based on HTTP headers etc? Certain defense mechanisms - specifically in the case of bot defense, go beyond the expertise of typical application development and having application developers to harden their apps against bots will just add overhead IMO, however one can still argue it's agains defense in depth. What's the best practice and guideline F5 provides?53Views0likes2CommentsASM instance creation
HI Team , I have to create an WAF instance similar to the one which is already available . I need help on creating the ASM policy similar to the one which is already used by other VIP . So my ASM policy name is ASM_NETWORK_443 and I have to create an identical policy with name ASM_DRNETWORK_443 . Is there any option to clone the ASM policy or export and import the policy and rename the Policy name ? Kindly help me on this .41Views0likes2Commentsltm policy asm_auto_l7_policy
Hi Experts, We are migrating WAF in an HA pair from i4800 to i5800, UCS is loaded successfully on new pair. while comparing the configurations i found on some policy on previous node the status was legacy and on new node the status is published. what's the difference please? the status is highlighted in red in below config. old node config ltm policy asm_auto_l7_policy__epsite.telenorbank.pk { controls { asm } last-modified 2023-12-08:23:19:30 requires { http } rules { default { actions { 1 { asm enable policy /Common/PTCL-cloud_WAF } } ordinal 1 } } status legacy strategy first-match7 } New Node config ltm policy asm_auto_l7_policy__epsite.telenorbank.pk { controls { asm } last-modified 2024-04-17:13:00:12 requires { http } rules { default { actions { 1 { asm enable policy /Common/PTCL-cloud_WAF } } ordinal 1 } } status published strategy first-match }8Views0likes0CommentsDeploying F5 WAF in front of Azure Web App Services
Does anyone know of a supported architecture for deploying an Azure F5 WAF in front of Azure Web App Services to handle the SSL and ASM services against traffic destined for an Azure Web App Service (App Service not just an app server running in Azure).46Views0likes2CommentsWAF for APM Oauth Authorization VS
Hi, We are testing the using of F5 as a OAuth Authorization Server and also a Resource Server. We have a WAF policy attached the VS representing of the Resource Server, which has an IIS server behind it. Since VS of the Auth Server will only utilize APM capabilities and won't actually have any application/web server behind it, I'm wondering if it's advised to add a WAF policy for this VS. I was told it's not necessary but I find it odd, since attackers can still try to attack the F5 itself. Any thoughts?Solved130Views0likes6CommentsEnhance your Application Security using Client-side signals – Part 2
Elevate your web and mobile application security with F5's innovative integration of web proxy strategies and client-side signals in this two-part series. Dive into the three critical categories of client-side signals—human interaction, device environment, and network signals—to enhance your application security strategy. Gain practical insights on distinguishing between humans and bots, fingerprinting devices, and analyzing network signals, ensuring robust protection for your online applications.107Views1like0CommentsSMTP Smugglers Blues
The SMTP protocol has been vulnerable to email smuggling for decades. Many of the mail servers out there have mitigations in place to handle this vulnerability but not all of them, especially the quick libraries and add-ons you can find on web sites. Protecting your server from these attacks is simple with F5 BIG-IP Advanced WAF and our SMTP Protocol Security profiles. Read to learn how to give those bad actors the “Smugglers Blues”188Views2likes2Comments