How do you install/use TCLSCAN to validate secure iRules?

Question

Hello,&nbsp;I'm looking for some guidance on utilizing the TCLSCAN tool, and how we can utilize it to validate our irules are secure based on the recent security finding with TCL.  Has anyone successfully installed the tool?  Is it done from the F5 devices themselves?&nbsp;https://www.itpro.co.uk/internet-security/34188/firms-urged-to-scan-networks-for-major-big-ip-load-balancer- flawhttps://support.f5.com/csp/article/K15650046

acedawg1 · Answer

Hi GC84-&nbsp;This is the procedure I used:&nbsp;Compile tclscan on a CentOS 7 boxCopy the iRules to the CentOS 7 deviceRun the tclscan command against the iRules (e.g. tclscan iRuleDoubleSub.txt)&nbsp;The tclscan toolkit should not be loaded on the F5. &nbsp;I also used Burp Suite with the iRule extender loaded to test for double substitution issues.

Forum Discussion

How do you install/use TCLSCAN to validate secure iRules?

1 Reply

Recent Discussions

F5 loadbalancer not working

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Related Content

POC: Validate JWT with iRule

AWS CloudFormation EC2 UserData example to install NGINX Plus on Ubuntu 20.04 LTS using AWS SecretsManager

Implementing SSL Orchestrator - Validation & Troubleshooting

APM Customization: Password Change Validation

Request and validate OAuth / OIDC tokens with APM