Forum Discussion

Nimbostratus

Jul 13, 2015

[BIG-IP 4000s] Failed to protect Crosse-Site Request Forgery

Dear F5 Team, Our team did PoC of Cross-Site Request Forgery but it seemed that WAF cannot protect this attack. Our team said "For the CSRF protection, F5 will generate its own Javascript t...

ASM Advanced WAF

security

boneyard

MVP

Jul 14, 2015

i would personally, certainly in a PoC, enable all three options in the blocking section for CSRF.

i checked in my lab, get the same situation with the comment on the script blocks but it works fine.

where exactly is the token expected where i doesn't show? remember there are cases where it isn't added specially in dynamically generated code.

Forum Discussion

[BIG-IP 4000s] Failed to protect Crosse-Site Request Forgery

Recent Discussions

Open Redirection Mitigation

GTM Packet Capture command

How to Implement 2 Way SSL in F5 LTM

BWC iRule

Citrix XenServer Big-IP Upgrade help

Related Content

Cross Site Scripting (XSS) Exploit Paths

Protecting the F5 BIG-IP AFM system with AFM Protocol Inspection System Checks

Explore how F5 BIG-IP Advanced WAF protects against attacks on GraphQL API

Getting Started with BIG-IP Next: Fundamentals

BIG-IP Report