Forum Discussion

bnicksic_10812's avatar
bnicksic_10812
Icon for Nimbostratus rankNimbostratus
May 04, 2016

Using ASM to scan served content

I have a multi-user web serving environment where content is uploaded via sftp. I need to scan served content for keywords and block if any keywords are matched. I'm attempting to use a custom attack signature on responses to scan for keywords, but I haven't been successful yet. Is this possible with ASM, and if so, am I going about this properly?

 

Thanks,

 

Bob

 

1 Reply

  • The ASM is an HTTP web application firewall. It can scan outbound HTTP traffic so long as the traffic is not encrypted as it passes through the BigIP. It cannot scan FTP traffic. SFTP traffic is a larger problem, as it is not only FTP rather than HTTP traffic, it is encrypted, and the BigIP does not have a good way to decrypt it.

     

    If you are trying to scan HTTP traffic being served you need to configure Dataguard. Dataguard's entire purpose in life is to get the ASM to block outbound traffic that matches sensitive data. You can read about dataguard here: https://support.f5.com/kb/en-us/solutions/public/8000/300/sol8363