mikegray_198028
Dec 08, 2016

uri hiding/encrypting

admin/App/frameset.jsp?name=Sessions url=..%2FApp%2FSessions%2FsessionsFrameSet.faces%3FappKind%3DCMC%26bttoken%3DMDAwRENRbzJQNmRKYUpXW2c7Z29XOlBNVEFYTF5d

Here you can see ".." present in the URL, hence the WAF/IPS considers it a directory traversal. Can we hide this or change this URL without modifying the app?

5 Replies

  • Hi Mike,

    If disabling the directory traversal attack signatures is not an option for you, then you may try to remove the directory traversal before passing the request to ASM and simply restore it right after.

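    when HTTP_REQUEST {
        # Keep the original URI and mask ".." before ASM inspects the request
        if { [HTTP::uri] contains ".." } then {
            set dir_traversal [HTTP::uri]
            HTTP::uri [string map { ".." "traversal" } [HTTP::uri]]
        }
    }
    when HTTP_REQUEST_SEND {
        if { [info exists dir_traversal] } then {
            # Restore the original URI just before the request goes to the server
            clientside {
                HTTP::uri $dir_traversal
            }
            # Variables live for the whole connection: clear it so a later
            # keep-alive request does not get this URI
            unset dir_traversal
        }
    }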

    Cheers, Kai
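
Whether the ".." in this URI is a real traversal depends on where the `url` parameter resolves once it is decoded. The following is an added example, not part of Kai's reply and not F5 code: Python that decodes and normalizes the parameter and checks it against an allowed prefix. The prefix `/admin/`, the function name and the sample URIs are assumptions; the samples are constructed, modelled on the URI in the question with an `&` assumed between the parameters.

```python
import posixpath
from urllib.parse import parse_qs, unquote, urlsplit

ALLOWED_PREFIX = "/admin/"   # assumption: URL space the application owns
MAX_DECODE_ROUNDS = 3        # bound on nested percent-encoding layers

def check_uri(uri, param="url", prefix=ALLOWED_PREFIX):
    """Classify where `param` points: 'absent', 'inside' or 'outside' the prefix."""
    parts = urlsplit(uri)
    values = parse_qs(parts.query).get(param)
    if not values:
        return "absent"
    target = values[0]                       # parse_qs has decoded one layer
    for _ in range(MAX_DECODE_ROUNDS):       # peel double/triple encoding
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    else:
        return "outside"                     # not confirmed stable: fail closed
    ref = urlsplit(target.replace("\\", "/"))
    if ref.scheme or ref.netloc:
        return "outside"                     # absolute URL, not an app path
    # Resolve the reference against the directory of the requested page
    base_dir = posixpath.dirname(parts.path)
    resolved = posixpath.normpath(posixpath.join(base_dir, ref.path))
    return "inside" if (resolved + "/").startswith(prefix) else "outside"

# Constructed sample URIs (not captured traffic)
SAMPLES = {
    "benign": "/admin/App/frameset.jsp?name=Sessions"
              "&url=..%2FApp%2FSessions%2FsessionsFrameSet.faces%3FappKind%3DCMC",
    "escapes": "/admin/App/frameset.jsp?name=Sessions"
               "&url=..%2F..%2F..%2Fprivate%2Fconfig.xml",
    "double_encoded": "/admin/App/frameset.jsp?name=Sessions"
                      "&url=%252e%252e%252f%252e%252e%252f%252e%252e%252fprivate",
    "no_param": "/admin/App/frameset.jsp?name=Sessions",
}

if __name__ == "__main__":
    for name, uri in SAMPLES.items():
        print(f"{name:15} {check_uri(uri)}")
```
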

    • Kai_Wilke

      Hi Mike,

      No, the provided iRule will most likely be able to trick out ASM, since it's just hiding the traversal syntax within your F5 and not on the wire.

      To help you further, you may explain whether the IDS/IPS system is located in front of or behind your F5. Based on the answer, we may find another solution to change the stuff on the wire to meet your requirements.

      Cheers, Kai

    • mikegray_198028

      Kai, please see the traffic flow:

      User > f5 vip with ssl > juniper ips > ihs web server juniper ips > app server > db server