ASM TS challenge and caching

Question

F5 ASM 13.1.0 is placed behind a CDN.&nbsp;
TSPD challanges injected in the web page is cached in the CDN, diable the cache option is not possible on the CDN, the assupmtion here is that the tspd token is placed in all the pages.&nbsp;
advanced bot protection is not used because of this.&nbsp;
The troubleshooting is showing number all users get the same token "cached by the CDN" thats, rendering any user fail the check!&nbsp;

samstep · Answer

Only the static content (images/stylesheets/fonts/js/PDF files) should be placed behind CDN. The best practice is to put all static content onto a separate subdomain such a static.example.com or media.example.com &nbsp;
F5 ASM is a security device to protect the Dynamic contact (login pages, portals, applications,etc).  
&nbsp;
In case if the static contact is the part of the same application (e.g. /static subfolder)  you can use the local traffic policy to disable ASM on that static content path. You can also disable the caching of dynamic pages by injecting 'Cache-Control: no-cache' HTTP header if the application you are trying to protect with F5 ASM is not doing it for some reason&nbsp;

Forum Discussion

ASM TS challenge and caching

1 Reply

Recent Discussions

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

SMS server with BIGIP

F5 terminal - help to run commands - disk space full

Related Content

Distributed caching of authentication requests with NGINX Ingress Controller

End of Year 2022 security challenges and new year wishes

Journey to the Multi-Cloud Challenges

Google reCAPTCHA Challenge iRule

3. SYN Cookie: SYN Cache