Manual Chapter: About configuring SSRF
Applies To: BIG-IP ASM
- 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0
To enable the SSRF functionality, the parameter that carries the IP addresses or domain names must be configured as a parameter of data type URI.
The F5 Application Security Manager (ASM) allows the user to configure disallowed domain names and IP addresses. If any such URI parameter contains a configured entry, the ASM blocks the traffic and raises the violation "server-side access to disallowed host".
The ASM also blocks the request and raises the violation "illegal parameter data type" if any of the following conditions is met:
- An IP address is received as the URI when the Is IP address field is unchecked.
- A host name is received as the URI when the Is IP address field is checked.
- An invalid host name or IP address is received.
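The following Python sketch is an added example, not F5 code. It models the checks listed above so that expected outcomes for a URI parameter can be tabulated before a policy is tested. The function names, the sample deny list, exact-match comparison against the deny list, and running the data type checks before the deny list check are all assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

DISALLOWED_HOST = "server-side access to disallowed host"
ILLEGAL_TYPE = "illegal parameter data type"
# Constructed sample deny list (documentation address and reserved test name).
SAMPLE_DENYLIST = {"192.0.2.10", "internal.example"}
# One host name label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def classify_host(host):
    """Return ("ip", normalized), ("name", normalized) or ("invalid", None)."""
    if not host:
        return "invalid", None
    try:
        return "ip", str(ipaddress.ip_address(host))
    except ValueError:
        pass
    # All-numeric dotted strings such as 999.1.1.1 are malformed IPs, not names.
    if re.fullmatch(r"[0-9.]+", host):
        return "invalid", None
    name = host.rstrip(".").lower()
    if len(name) <= 253 and all(_LABEL.match(lab) for lab in name.split(".")):
        return "name", name
    return "invalid", None


def check_uri_parameter(value, is_ip_address, disallowed):
    """Model the checks above for one parameter of data type URI.

    is_ip_address mirrors the "Is IP address" field; disallowed is the set of
    denied host names and IP addresses (exact match is an assumption).
    Returns the violation name, or None when no violation is raised."""
    if "://" not in value:
        value = "//" + value  # bare host: let urlsplit treat it as authority
    try:
        host = urlsplit(value).hostname
    except ValueError:
        return ILLEGAL_TYPE
    kind, norm = classify_host(host)
    if kind == "invalid" or (kind == "ip") != is_ip_address:
        return ILLEGAL_TYPE
    denied = {classify_host(d)[1] for d in disallowed}
    return DISALLOWED_HOST if norm in denied else None
```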