Nimbostratus
NimbostratusDear axteliano,
I'm very new in F5, but why don't you try to create a signature to block this?
Fo my example, I've created a rule to block /etc/passwd, ignore the fact that this already exists into ASM database signatures.
Sould be similar to:
1 - Security -> Options -> Application Security -> Attack Signatures -> Create...
Name:Attempt Password File
Systems: Unix/Linux
Attack Types: Information Leakage
Rule: uricontent:"/etc/passwd"; nocase; objonly;
Accurancy: Low
Risk: High
2 - To define block:
2.1 - Security -> Application Security -> Attack Signatures -> Find the name, "Attempt Password File"
2.2 - Select it and Change Properties Enable: Yes
Perform Staging: No
2.3 - Apply changes to Selected Attack Signatures
2.4 - Apply Policy
Best Regards
Barone