zack_254145
Jan 12, 2019Nimbostratus
Does F5 has any feature of anti-tampering web content?
Hi Folks,
I am not sure if any of F5 modules is capable of blocking web content tampering? For example if a hacker injects a piece of malicious JS within a server response? Will F5 has any feature to check the server response and find out that malicious JS, or link pointing to some bad reputation host?
I understand WAF is usually to protect the web server before any nasty things really happen... but irule/iruleLX is always so powerful to resolve many of impossibilities :)
I think what bigip needs to do is to:
- learn the server response
- If any new link/JS found, check its hostname/behavior/md5 to either local db or 3rd party file reputation service, such as virustotal and then got a result
- bigip block/allow the server response based on step2
Thanks for any advice!