Forum Discussion

Nimbostratus

Dec 16, 2011

ASM search engine configuration query

Hi all, We are currently in the process of setting up the ASM for production use, and unfortunately I'm finding the documentation on search engine configuration quite lacking. Sear...

app sec

BIG-IP Access Policy Manager (APM)

security

Mike_Maher

Nimbostratus

Dec 16, 2011

Well actually depending on what version of ASM you are running you may want to disable Web Scraping detection. There is an XSS vulnerability within that feature in 10.1.0 - 10.2.2.

https://support.f5.com/kb/en-us/solutions/public/12000/900/sol12953.html?sr=18293022

If you are running safe code to leave this enabled, another way to work around this might be to design an ASM iRule that matches the UA string against a safe list of UA strings you define as a data list, and then have it bypass the Web Scraping protection based upon that. I am definitely not an iRule guru so you will want to hunt through the Wiki's for more information. On how you might doe that, although you probably want to be careful doing something like that as it would be easy to spoof the UA string.

Forum Discussion

ASM search engine configuration query

Recent Discussions

BWC iRule

Citrix XenServer Big-IP Upgrade help

iRule condition - request contains more than 10000 parameters

Hi All, We have viprion 4300 with 4450 blades with 6 blades all blades having same configuration

Can iRule be used to perform exception of IPI category based on Geolocation

Related Content

A Day in the Life of a Security Engineer from Tel Aviv

KubeHuddle 2023 in Toronto, Canada - Intimate Gathering with Engaged Engineers

How to search the latest security academic papers

Adopting Site Reliability Engineering with F5

Bots mitigations overview with Advance WAF - Anti Bot engine