Manual Chapter: Configuring server side access to disallowed host violation
Applies To:
BIG-IP ASM
- 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0
Configuring server side access to disallowed host violation
- On the Main tab, click.
- Expand Parameters.
- Check the Alarm and Block fields for the Server-side access to disallowed host violation.
- Click Save and then Apply Policy.
The violation is configured. If a user sends any of the disallowed domain names or IP addresses configured in the SSRF host list, ASM blocks the request and raises the Server-side access to disallowed host violation. If the Is IP address field is unchecked and an IP address is received as the URI parameter, the Illegal parameter data type violation is raised. The following is an example:
Configured Disallowed Hosts:
- a.com
- *b.com
- 100.20.10.1
- 200.10.0.0/16
- 2001:0000:3238:DFE1:63:0000:0000:FEFB

For the above configured host list, the following requests will be blocked and raise the "Server-side access to disallowed host" violation:
- http://<VS>/index.html?uriParam=a.com (Is IP Address should be disabled)
- http://<VS>/index.html?uriParam=http://a.b.com/ (Is IP Address should be disabled)
- http://<VS>/index.html?uriParam=http://100.20.10.1 (Is IP Address should be enabled)
- http://<VS>/index.html?uriParam=http://200.10.201.255 (Is IP Address should be enabled)
- http://<VS>/index.html?uriParam=http://[2001:0000:3238:DFE1:63:0000:0000:FEFB] (Is IP Address should be enabled)
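To check a planned host list against sample parameter values before applying the policy, the matching described above can be modelled offline. The following Python sketch is an added example, not F5 code: the function names are hypothetical, treating `*` as a shell-style wildcard is an assumption, and the case of a domain value sent while Is IP address is checked is reported as undocumented because the page does not describe it.

```python
import fnmatch
import ipaddress
from urllib.parse import urlsplit

SSRF = "Server-side access to disallowed host"
DATA_TYPE = "Illegal parameter data type"
UNDOCUMENTED = "combination not described on the page"

# Host list taken from the manual's example.
DISALLOWED = ["a.com", "*b.com", "100.20.10.1", "200.10.0.0/16",
              "2001:0000:3238:DFE1:63:0000:0000:FEFB"]

def host_of(value):
    """Extract the host from a URI parameter value (bare host or full URL)."""
    if "://" not in value:
        value = "//" + value          # lets urlsplit treat a bare host as netloc
    return urlsplit(value).hostname or ""

def as_ip(host):
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None

def in_list(host, entries):
    """True if host matches an entry: IP or CIDR for addresses, wildcard for names."""
    ip = as_ip(host)
    for entry in entries:
        try:
            net = ipaddress.ip_network(entry, strict=False)  # single IP -> /32 or /128
        except ValueError:
            net = None                                       # entry is a domain pattern
        if ip is not None and net is not None:
            if ip in net:              # an IPv4/IPv6 mismatch is simply False
                return True
        elif ip is None and net is None:
            if fnmatch.fnmatchcase(host.lower(), entry.lower()):
                return True
    return False

def evaluate(value, entries, is_ip_address):
    """Return the expected violation name, or None when the value is not listed."""
    host = host_of(value)
    if as_ip(host) is not None:
        if not is_ip_address:
            return DATA_TYPE           # IP received while "Is IP address" is unchecked
    elif is_ip_address:
        return UNDOCUMENTED            # domain value with "Is IP address" checked
    return SSRF if in_list(host, entries) else None
```

IPv6 literals must be bracketed inside a URL, as in the manual's example, for `host_of` to extract them correctly.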