I am not sure if any of F5 modules is capable of blocking web content tampering? For example if a hacker injects a piece of malicious JS within a server response? Will F5 has any feature to check the server response and find out that malicious JS, or link pointing to some bad reputation host?
I understand WAF is usually to protect the web server before any nasty things really happen... but irule/iruleLX is always so powerful to resolve many of impossibilities :)
I think what bigip needs to do is to:
Thanks for any advice!
First of all - how do you think the hackers are going to inject a malicious script into the responses of the Server (which is behind F5 WAF)? Most attacks happen over the web using Cross-Site-Scripting attack (XSS) or SQL injection attack (SQLi). F5 ASM as a WAF can identify and block the malicious script injection attempt as it will be a Request.
Thanks for the response.
how do you think the hackers are going to inject a malicious script into the responses of the Server (which is behind F5 WAF)?
Let's say the hacker take down the web server via internal network or sth like that. The "inject" is not accurate but does ASM has the capability to detect any malicious code or link in the response? I can see some attack signatures will check server response. Any other feature may do that as well?