Scan Vulnerabilities & irules

Question

&nbsp;
Hello All,&nbsp;
 &nbsp;
1) Is there a general consensus that specific types of application vulnerabilities identified through a scan can be patched/mitigated temporarily with the use of irules  in f5 ?&nbsp;
2) If yes , then What type vulnerabilities are these and what are their respective irules ?&nbsp;
 &nbsp;
Note - I know thre is a irule discussion group  , but i wanted to know inputs from here as well.&nbsp;
 &nbsp;
Regards&nbsp;
Nik&nbsp;

what_lies_bene1 · Answer

There's quite a few, I've listed a few simple examples below. Is there something specific you have in mind? 
&nbsp; 
Restrict HTTP Methods
when HTTP_REQUEST {
 switch [HTTP::method] {
  Exit if method is GET
  "GET" { return }
  Exit if method is POST
  "POST" { return }
  Reject any other request methods
  default { reject }
  }
}

Mitigate Code Red &amp; Nimda
when HTTP_REQUEST {
 set requri [string tolower [HTTP::uri]]
 switch –glob $requri {
  "*default.ida*" – 
  "*cmd.exe*" – 
  "*root.exe*" – 
  "*admin.dll*" {
  Drop the request silently
   drop }
 }
}

Forum Discussion

Scan Vulnerabilities & irules

1 Reply

Recent Discussions

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

Related Content

Advanced iRules: Scan

Advanced iRules: Binary Scan

Reviewing vulnerability scanner results for an Access Policy Manager (APM) protected Virtual Server

Reviewing vulnerability scanner results for an APM protected Virtual Server - part two

Vulnerability CVE-2023-45648 in ApacheTomcat