Articles

Two-Factor Authentication using Yubikey, YubiCloud and BIG-IP LTM

Two-factor authentication (hereafter 2FA) has been a staple in enterprise VPN environments for quite some time, but it is really taking off in the web application space now as well with services riding on smart phones like... Read more
2 Reviews

Deploying a WhiteHat Security Satellite in Your Infrastructure

DevCentral uses WhiteHat Security's Sentinel service in our application development lifecycle as well as for production compliance. Beyond the direct benefits of improving our SDLC practices and reducing our window of exposure, F... Read more
0 Reviews

Security iRules 101: DNS Gravitational Disturbance

Introduction: iRules are a powerful tool in the F5 administrator's arsenal. They allow administrators to adapt and customize the F5 to their needs. They provide extensive power for security engineers as well. We’ve decided it’s time to revisit... Read more
1 Review

Vulnerability Patching via iRules: VU#520827 for PHP

Security is a top level priority in nearly every IT infrastructure these days. Whether it's keeping server patching up to date, putting in place hardened firewalls, password security models, denial of service prevention or any of the other... Read more
0 Reviews

Two-Factor Authentication With Google Authenticator And APM

Introduction Two-factor authentication (TFA) has been around for many years and the concept far pre-dates computers. The application of a keyed padlock and a combination lock to secure a single point would technically qualify as two-factor... Read more
Average Rating: 4.8
11 Reviews

Google reCAPTCHA Verification With Sideband Connections

Introduction: Virtually every dynamic site on the Internet these days makes use of a CAPTCHA in some fashion. A CAPTCHA is used to verify that a human is driving the interaction with a particular function on a site. A CAPTCHA in its simples... Read more
0 Reviews

v11.1: DNS Blackhole with iRules

Back in October, I attended a Security B-Sides event in Jefferson City (review here). One of the presenters (@bethayoung) talked about poisoning the internal DNS intentionally for known purveyors of all things bad. I indicated in my write-up tha... Read more
Average Rating: 4.9
3 Reviews

CodeShare Refresh: HTTP Session Limit

The iRules CodeShare on DevCentral is an amazingly powerful, diverse collection of iRules that perform a myriad of tasks ranging from credit card scrubbing to form based authentication to, as in today's example, limiting the number of HTTP... Read more
0 Reviews

Two-Factor Authentication With Google Authenticator And LDAP

Introduction Earlier this year Google released their time-based one-time password (TOTP) solution named Google Authenticator. A TOTP is a single-use code with a finite lifetime that can be calculated by two parties (client and server) using ... Read more
Average Rating: 4.4
5 Reviews

Implementing The Exponential Backoff Algorithm To Thwart Dictionary Attacks

Introduction Recently there was a forum post regarding using the exponential backoff algorithm to prevent or at the very least slow down dictionary attacks. A dictionary attack is when a perpetrator attacks a weak system or application by cyclin... Read more
0 Reviews

APM Session Invalidation Using ASM

Introduction: Whenever customers expose their internal resources on the Web using VPNs or SSL VPNS there is still some concern over what type of traffic comes through the connection. In order to assist with these concerns we can provide a combine... Read more
Average Rating: 4.9
3 Reviews

Web Application Login Integration with APM

As we hurtle forward through the information age we continue to find ourselves increasingly dependent on the applications upon which we rely. Whether it's your favorite iPhone app or the tools that allow you to do your job, the application... Read more
1 Review

Multiple Certs, One VIP: TLS Server Name Indication via iRules

An age-old question that we’ve seen time and time again in the iRules forums here on DevCentral is “How can I use iRules to manage multiple SSL certs on one VIP?” The answer has always historically been “I’m sorry, you can’t.” The... Read more
0 Reviews

One Time Passwords via an SMS Gateway with BIG-IP Access Policy Manager

One time passwords, or OTP, are used (as the name indicates) for a single session or transaction.  The plus side is a more secure deployment, the downside is two-fold—first, most solutions involve a token system, which is costly i... Read more
Average Rating: 4.9
7 Reviews

Client Cert Fingerprint Matching via iRules

Client cert authentication is not a new concept on DevCentral, it’s something that has been covered before in the forums, wikis and Tech Tips.  Generally speaking it means that you’re receiving a request from a client, and want to... Read more
0 Reviews

Mitigating Slow HTTP Post DDoS Attacks With iRules – Follow-up

Last month I posted a Tech Tip using iRules to mitigate the slow POST DDoS attack. The example that I posted was an early prototype that was passed around an internal mailing list. I listed a few “gotchas” in my original post, but it wasn’t long... Read more
1 Review

Mitigating Slow HTTP Post DDoS Attacks With iRules

This past week researchers demonstrated a new HTTP DDoS attack in which a slow POST request will result in leaving a connection open longer than necessary. The heart of the attack relies on sending a POST request with given “content-length” then... Read more
0 Reviews

Implementing HTTP Strict Transport Security in iRules

Last month I ran across a blog entry by Extreme Geekboy discussing a patch (now in the most recent nightly forthcoming 4.0 builds) for Firefox he submitted that implements the user agent components of HTTP Strict Transport Security.  Strict... Read more
Average Rating: 4.9
5 Reviews

v10.1 - iRules rate limiting with the table command

One of the new features added to BIG-IP in version 10.1 was the table command, implemented in iRules. Of all the new features I've seen, I have to say this one is easily one of my favorites. Hopefully by now you've seen Spark's amazing... Read more
1 Review

FTPS Offload via iRules

Question: Does BIG-IP LTM support FTPS? Answer: You might think to yourself "LTM can load balance any IP traffic, so sure!". But if you know FTPS, you know that, like FTP, things are a lot more complicated than most protocols. And... Read more
Average Rating: 4.9
4 Reviews

Can iRules fix my cert mismatch errors?

SSL encryption as a means of security on the web isn't a new concept. We've talked about it here on DevCentral many times, and it's as pedestrian a concept as a corndog on the boardwalk to most internet users. We've talked about... Read more
0 Reviews

Replacing the WebSphere Apache Plugin with iRules

Problem Definition "We’re having a bit of difficulty configuring the LTM to handle all the redirects that this WebSphere application does.  We’ve tried streaming profiles and iRules, but every method seems to break one component while... Read more
0 Reviews

Cookie LoJack via iRules

Web sites used to be simple. There were pages you would browse to on the web, and they would display information to you, via simple HTML. Things have progressed since then, taking many numerous strides along the way. From static to dynamic... Read more
0 Reviews

Cert Information in your HTTP Headers

SSL is everywhere. In your browser, in your email client, in your auth setup; the chances are, if you're using the internet today, you're going to run across something, somewhere that invokes an SSL cert for encryption or authentication.... Read more
0 Reviews

Selective Client Cert Authentication

SSL encryption on the web is not a new concept to the general population of the internet. Those of us that frequent many websites per week (day, hour, minute, etc.) are quite used to making use of SSL encryption for security purposes. It's an... Read more
1 Review