How to block phpshells?

Question

Hello ,
I have a Server behind the F5.
I want to mitigate the webshells [ phpshell , aspshell etc] security.
ive heard that it works with the asm. how i make it work on a specific VS?&nbsp;
Thank you .&nbsp;

jad_tabbara__j1 · Answer

Hello Chenco, &nbsp;
You need to create an ASM policy and add it to your existing VS. &nbsp;
If you are not familiar with the ASM it can be a difficult task because if you put it in Blocking mode it may generate a lot of false positives. &nbsp;
So you need to :&nbsp;
create the ASM policy in transparent mode (learning mode)
assign the Attack Signatures Sets that corresponds with your backend server (OS, Webserver, Language, Database). When you assign the Linux OS Signatures it will automatically add signatures that prevent "Kill, exec" and other command execution... The F5 will look at the POST method body and URL and apply the Attack Signature (make sure that on your wildcard HTTP/HTTPS URL you check the "Attack Signature") &nbsp;

prevent specific file extension upload, by making a whitelist of authorized file extension. You can do this fom "Security  ››  Application Security : File Types : Allowed File Types"&nbsp;

Hope it helps&nbsp;
Regards&nbsp;

Forum Discussion

How to block phpshells?

1 Reply

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

Block traffic

domain blocking

Block IP after a number of ASM Blocks

Response and blocking page

Understanding F5's Transparent Mode vs Blocking Mode with a Focus on Geo-Blocking