Forum Discussion
3 Replies
Sort By
- PeteWhiteEmployee
If it is on the public IP (presumably the self-IP) then you need to set your self-IP Port Lockdown to None so that externals can't get access to the management GUI.
- koenning_107182Nimbostratus
Generally this means the code on the pool member side contains a php_info() function call somewhere. If your security scanner exposed this vulnerability, it should also report the URL path returning the output of php_info(). If that URL path (better terminology is URI) is not essential to your application, then you can simply block it with an iRule returning an empty response.
when HTTP_REQUEST { if { [HTTP::uri] starts_with "/your/unique/uri/which/is/vulnerable" } { HTTP::respond 200 content "" } }
Let me know if that helps
Christian
- Pramod_Gopala_1NimbostratusThanks Chris.. I have done the changes as you mentioned to the URI's with php_info(). On our new compliance test this weekend it will be get tested, will share you the result. Again Thanks a lot!! Pramod