Should ASM/WAF Be Implemented for a Temporary Static Notification Content Page

Question

We have an application that no longer exists.  A static page has been created (which will be up for 90 days) to tell the users that it no longer exists.  Is there any best practice to whether the ASM/WAF base policy should or shouldn't be applied to this temporary VIP?

cjunior · Answer

As far as I know, it depends on how the service is hosted or the platform or a known issue on it.

You may not be vulnerable to a command injection because site is static.

But is possible to be vulnerable to command execution, poisoning, tampering, etc.

So, yes, I would apply a policy there t least based on a platform.

Regards.

t_dub82 · Answer

Okay thanks for the information.

Tomara Watkins, BSBA MBA
ODJFS/OIS/IT Governance and Risk Management
Desk Phone: (614) 387-8162
Service Desk: (614) 466-0978
stateofohio.service-now.com/ess
Email: tomara.watkins@jfs.ohio.gov
ONE TEAM, inspiring each other to embrace INNOVATION;
Deliver VALUE-ADDED services; and create DIGITAL BUSINESS solutions

Forum Discussion

Should ASM/WAF Be Implemented for a Temporary Static Notification Content Page

2 Replies

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Traffic Management User Interface Vulnerability: The Fix and Temporary Mitigation Options

CORS implementation

Implementing basic OAuth with F5 BIG-IP APM

API Security: How to implement API Access Control with F5

Implementing SSL Orchestrator with OPSWAT MetaDefender