ASM protection against SSRF

Question

Anyone have experience in virtually patching an application vulnerable to SSRF (server-side request forgery) protected by ASM? If so, how did you configure ASM policy? Whitelist all allowed URLs?

samstep · Answer

F5 ASM can provide SSRF protection in many ways including response signatures, parameter type enforcement and whitelisting.&nbsp;
First of all you should find out: &nbsp;
which URLs of the application are vulnerable to SSRFwhat the successful SSRF attack URL looks like and what is the 'good usage' URL 
I assume you can get this from the pen-test report. Once you have this information it will become clearer what ASM policy changes you need to protect the application&nbsp;

Forum Discussion

ASM protection against SSRF

1 Reply

Recent Discussions

F5 Rseries HA

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Can iRule mask the payload content on event logs of security

minimum tmos software version for connect CIS (openshift)

Related Content

Beyond REST: Protecting GraphQL

Mitigation of OWASP API Security Risk: SSRF using F5 Distributed Cloud Platform

L7 DoS Protection with NGINX App Protect DoS

Mitigating OWASP Web Application Risk: SSRF Attack using F5 XC Platform

Managing NGINX App Protect WAF for Beginners