Forum Discussion

zack_254145's avatar
zack_254145
Icon for Nimbostratus rankNimbostratus
Jan 12, 2019

Does F5 has any feature of anti-tampering web content?

Hi Folks,

 

I am not sure if any of F5 modules is capable of blocking web content tampering? For example if a hacker injects a piece of malicious JS within a server response? Will F5 has any feature to check the server response and find out that malicious JS, or link pointing to some bad reputation host?

 

I understand WAF is usually to protect the web server before any nasty things really happen... but irule/iruleLX is always so powerful to resolve many of impossibilities :)

 

I think what bigip needs to do is to:

 

  1. learn the server response
  2. If any new link/JS found, check its hostname/behavior/md5 to either local db or 3rd party file reputation service, such as virustotal and then got a result
  3. bigip block/allow the server response based on step2

Thanks for any advice!

 

1 Reply

  • First of all - how do you think the hackers are going to inject a malicious script into the responses of the Server (which is behind F5 WAF)? Most attacks happen over the web using Cross-Site-Scripting attack (XSS) or SQL injection attack (SQLi). F5 ASM as a WAF can identify and block the malicious script injection attempt as it will be a Request.

     

    There are ways to inject malicious scripts using man-in-the-browser/client-side malware or 3rd-party JavaScript already included in server responses being compromised. In such cases F5 WebSafe module can help.