Forum Discussion

Nimbostratus

Jan 04, 2011

The Blocking Reponse Page is blocked and looping :-)

Hi there, On our ASM, for the Blocking Reponse Page, we use a redirect to a page on the application server: So the browser is requesting https://the.server/path-to/blocking-pag...

app sec

BIG-IP Access Policy Manager (APM)

security

hooleylist

Cirrostratus

Jan 04, 2011

Hey Sam,

The downside to using an HTTP class with filters to selectively disable ASM is that TMM doesn't do any URL normalization. So if an attacker knew you were bypassing ASM for /path/to/blocking.page*, they could use a URI like /path/to/blocking.page/../../../attack.exe to get to /attack.exe without going through ASM.

That's why I really like Arthur's idea of sending an HTTP response from an iRule in the ASM_REQUEST_VIOLATION event when the URI is the blocking page. It's lighter weight than the sanitization iRule for 9.x ASM and still provides good security.

Aaron

Forum Discussion

The Blocking Reponse Page is blocked and looping :-)

Recent Discussions

Can iRule be used to perform exception of IPI category based on Geolocation

BWC iRule

Citrix XenServer Big-IP Upgrade help

iRule condition - request contains more than 10000 parameters

Hi All, We have viprion 4300 with 4450 blades with 6 blades all blades having same configuration

Related Content

Block traffic

domain blocking

Block IP after a number of ASM Blocks

Response and blocking page

Understanding F5's Transparent Mode vs Blocking Mode with a Focus on Geo-Blocking