ASM blocking mallware

Question

Hello,&nbsp;
We would like to know if ASM can analyze the HTTP Header of a request and evaluate the following fields in order to identify potential unwanted traffic:&nbsp;
RefererX-Requested-With
The “Referer” field indicates the domain that sent the traffic to our site. We would like to block traffic coming from low reputation domains.&nbsp;
The “X-Requested-With” field indicates the mobile application package name that sent the traffic to our site. We would like to block traffic coming from applications that are known as infected.&nbsp;
is this is supported, can it be created via the policy-builder or via irule script?&nbsp;
thank you.&nbsp;

stanislas_piro2 · Answer

Hi,&nbsp;
With an irule, you can extract and manage both informations. but ASM doesn't use domain reputation and infected application database.&nbsp;
If you can provide both informations (static list) or an URL where BIGIP can download a list of domain and application to block, this can be done with an irule (and a scheduled icall script to download and fulfill datagroups of apps and domains)!&nbsp;

Forum Discussion

ASM blocking mallware

1 Reply

Recent Discussions

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Can iRule mask the payload content on event logs of security

minimum tmos software version for connect CIS (openshift)

Chrome V 124+ on MacOS - Virtual Server Access Issue

Related Content

Block IP after a number of ASM Blocks

ASM block page for use with API waf policy

Can't upload msg file - ASM block

ASM blocked request contains & (ampersand) symbol in parameter value

Block traffic