Forum Discussion

Nimbostratus

Nov 07, 2018

Configure iRule for CWE ID 352 CWE name Cross-Site Request Forgery (CSRF) vulnerability

How to configure the irule to fix the vulnerability CWE ID 352 CWE name Cross-Site Request Forgery (CSRF) in F5. FA_Session cookie is set by f5 load balancer to route request to same app servers...

Nacreous

Nov 07, 2018

There a very good article that explains this problem and provides an iRule and a traffic policy example on how to mitigate this CVE

https://devcentral.f5.com/articles/increased-security-with-first-party-cookies-30715

Forum Discussion

Configure iRule for CWE ID 352 CWE name Cross-Site Request Forgery (CSRF) vulnerability

Recent Discussions

Rundeck ansible F5 errors

What is the meaning is 52% block in WAF

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Related Content

Cross Site Scripting (XSS) Exploit Paths

How To Protect Your Applications from Cross Site Request Forgery (CSRF) with F5 Distributed Cloud

BIG-IP Configuration utility vulnerability CVE-2023-38138

Coordinated Vulnerability Disclosure: A Balanced Approach

Lightboard Lessons: OWASP Top 10 - Cross Site Scripting