Gregory_Gerard_
Jun 08, 2008 (Nimbostratus)
Enforcing Content-Length and other preventive security measures
I've been challenged with an audit. I know the tool that will be used and have read the docs and whitepapers (sorry, cannot reveal).
Things mentioned within them include:
1. XSS attacks -- I think we're okay on this one
2. HTTP based attacks, mainly malformed HTTP requests in an effort to poison caching servers along the way: HTTP smuggling, response splitting, double Content-Length headers, and more.
I'm wondering if there are any canned protection measures I can employ in my LTM to mitigate these types of browser hijacks.
Some attacks apply to tiers and systems I have no control over (ISP cache servers for instance), but I'd like to do what I can to detect and drop connections and raise an alert when traffic looks "funny".
What are your recommendations and thoughts?
Is the F5 the place to do this or another box? If another box, box recommendations?
Obviously, code is being audited statically as well and appserver patches applied when possible but I want to cover my bases.
Thanks!
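As an added illustration (not part of the original post, and not F5 iRule code), here is a strict HTTP request-head validator in Python that flags the framing ambiguities the post lists: duplicate or non-numeric Content-Length, Content-Length together with Transfer-Encoding, and bare LF line endings of the kind used in response splitting. The samples are constructed rather than captured traffic, and the function names are my own.

```python
import re
from typing import List, Optional, Tuple

CL_RE = re.compile(r"^[0-9]+$")  # Content-Length must be digits only

def split_headers(head: bytes) -> Tuple[List[Tuple[str, str]], Optional[str]]:
    """Split the head into (name, value) pairs, keeping duplicates; return (pairs, error)."""
    pairs: List[Tuple[str, str]] = []
    for line in head.split(b"\r\n")[1:]:          # [0] is the request line
        if not line:
            break                                 # blank line ends the head
        if b"\r" in line or b"\n" in line:
            return pairs, "bare CR or LF in header line"
        if line[:1] in (b" ", b"\t"):
            return pairs, "obsolete line folding"
        name, sep, value = line.partition(b":")
        if not sep or not name.strip() or name != name.rstrip():
            return pairs, "malformed header name"   # e.g. 'Content-Length : 5'
        pairs.append((name.decode("latin-1").lower(), value.decode("latin-1").strip()))
    return pairs, None

def check_request_head(head: bytes) -> Optional[str]:
    """None if framing is unambiguous, otherwise a reason to drop and alert."""
    headers, err = split_headers(head)
    if err:
        return err
    cls = [v for n, v in headers if n == "content-length"]
    tes = [v for n, v in headers if n == "transfer-encoding"]
    if len([1 for n, _ in headers if n == "host"]) > 1:
        return "duplicate Host header"
    if len(cls) > 1:
        return "duplicate Content-Length header"
    if cls and not CL_RE.match(cls[0]):
        return "non-numeric Content-Length"       # also rejects '5, 5' lists
    if cls and tes:
        return "Content-Length and Transfer-Encoding both present"
    if len(tes) > 1 or (tes and tes[0].lower() != "chunked"):
        return "duplicate or unusual Transfer-Encoding"
    return None

# Constructed samples (not captured traffic) covering the cases discussed.
SAMPLES = {
    "clean":   b"POST /s HTTP/1.1\r\nHost: shop\r\nContent-Length: 5\r\n\r\nhello",
    "dupe_cl": b"POST /s HTTP/1.1\r\nHost: shop\r\nContent-Length: 5\r\nContent-Length: 6\r\n\r\n",
    "cl_te":   b"POST /s HTTP/1.1\r\nHost: shop\r\nContent-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n",
    "bare_lf": b"GET /s HTTP/1.1\r\nHost: shop\nX-Injected: 1\r\n\r\n",
}

def audit_samples() -> dict:
    return {name: check_request_head(raw) for name, raw in SAMPLES.items()}
```

The same checks belong in the proxy or load balancer in front of the app server, where a non-None verdict should reject the connection and log the reason so the "funny" traffic is visible to monitoring.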