Forum Discussion

Mohanad's avatar
Mohanad
Icon for Cirrostratus rankCirrostratus
Oct 30, 2019

irule for mitigate open url redirection

hello everyone,

 

im looking for irule for mitigate open url redirection , i tired to use feature "Redirection Protection" but it's not working

 

Note ASM policy is blocking but "Redirection Protection" not working

 

POST /Account/Login?ReturnUrl=https://google.com HTTP/1.1

 

ASM Advanced WAF
iRules
security

2 Replies

Sort By
  • Kevin_Davies's avatar
    Kevin_Davies
    Icon for MVP rankMVP
    Oct 31, 2019

    Version BIG-IP?

    Wildcard exists in allowed redirect domains?

    Block option for the Illegal Redirection Attempt violation is set?

    • Mohanad's avatar
      Mohanad
      Icon for Cirrostratus rankCirrostratus
      Oct 31, 2019

      Hello Kevin

       

      Thank you,

       

      Version 15.0.1 - wildcard is not exist - block option is enforced

       

      This was working in version 13, 1 will test again and open case with F5 support maybe it's bug