Case Management

MY PRODUCTS & PLANS

Subscriptions

Product Usage

Trials

Registration Keys

Resources
Downloads
Licensing
Activate F5 product registration key
Ihealth
Verify the proper operation of your BIG-IP system

Education Services Portal
Access courses and certifications to master F5 products
Devcentral
Join the community of 300,000+ technical peers

F5 Certification
Advance your career with F5 Certification
Product Manuals
Product Manuals and Release notes

Manual Chapter : Configuring illegal parameter datatype violation

Applies To:

Versions

BIG-IP ASM

17.5.1
17.5.0

back-action

Mitigating Ssrf

Configuring illegal parameter datatype violation

Note: Enable the Illegal Parameter Data Type violation, else the SSRF mitigation will not work as expected.

On the Main tab, click Security > Application Security > Policy Building > Learning and Blocking Settings.
Expand Parameters.
Check Learn, Alarm, and Block fields for the Illegal Parameter data type violation.
Click Save and then Apply Policy.

The violation is configured. ASM will block the request and raise a violation illegal parameter data type if any of the following condition is met:

If IP address as URI is received, when the Host Name Representation field in set to Domain Name.
If host name as URI is received, when the Host Name Representation field in set to IP address.
If an invalid host name or IP address is received.

Parent topic:Mitigating Server-Side Request Forgery