Forum Discussion

Cirrocumulus

Sep 13, 2010

test block script

Hi all, We used to have a test block script which we could enter into a field on our corporate website and trigger a block response. This was a quick way of testing ASM was working. This scr...

app sec

BIG-IP Access Policy Manager (APM)

security

Kai_Wilke

MVP

Jan 12, 2016

Hi Nathan,

I do usally test my ASM functionality with the "Nimda Worm" signature (aka. a IIS specific Escaped Character Decoding Command Execution Vulnerability).

the Test-URI is rather handy and simple:

http://www.example.com/scripts/..%255c../winnt/system32/cmd.exe?/c+dir

Note: The string "/..%255c../" is the actual attack signature and would double decode on the serverside to "%5c" in the first round (security validated by IIS) and on the second round to "\" (not security validated by IIS).

And the ASM response blocking functionality can be testet with an Error Page sending an unknown [HTTP::status] of lets say 666.

Cheers, Kai

Forum Discussion

test block script

Recent Discussions

Rundeck ansible F5 errors

What is the meaning is 52% block in WAF

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Related Content

Python script to test if a F5 BIG-IP is vulnerable to cve-2023-46747

Khoros article scheduling test

Passing Arguments to iCall Scripts

Testing the security controls for a notional FDX Open Banking deployment

Block traffic