Manual Chapter: Configuring SSRF hosts list
Applies To:
BIG-IP ASM
- 17.5.1, 17.5.0
Configuring SSRF hosts list
- On the Main tab, click .
- Select the policy for which the hosts list is to be configured.
- Navigate to section.
- In the SSRF Hosts field, select the action from the dropdown and add the IP address or domain name.

  The following are a few examples of an IP address as a host:

  | CIDR | IP Range | Action | Is Configuration Allowed | Explanation |
  |---|---|---|---|---|
  | 10.20.30.40 | 10.20.30.40 | Deny | Yes | Traffic that contains 10.20.30.40 as a URI Parameter value will be blocked with SSRF violation. |
  | 100.200.254.50/32 | 100.200.254.50 | Allow | Yes | Traffic that contains 100.200.254.50 as a URI Parameter value will be allowed. |
  | 200.0.0.0/24 | 200.0.0.0 – 200.0.0.255 | Deny | Yes | Traffic that contains any IP Address in the configured IP Range as URI Parameter value will be blocked. |
  | 255.255.255.256 | Not applicable | Deny | No | Each IP Octet in IPv4 Address should be in the Range 0-255. |
  | 001.2.3.4 | Not applicable | Deny | No | IP octet should not start with two consecutive zeros. |
  | 2001:0db8:85a3:0000:0000:8a2e:0370:7334 | 2001:0db8:85a3:0000:0000:8a2e:0370:7334 | Allow | Yes | Traffic which contains configured IP Address as URI Parameter value will be allowed. |
  | 2002:0000:0000:1234:0000:0000:0000:0000/64 | 2002:0000:0000:1234:0000:0000:0000:0000 - 2002:0000:0000:1234:ffff:ffff:ffff:ffff | Deny | Yes | Traffic that contains any IP Address in the configured IP Range as URI Parameter value will be allowed. |
  | 56FE::2159:5BBC::6594 | Not applicable | Deny | No | Double colon notation can be used only once in IPv6 Addresses. |
  | 56FE::2159:5BBC::1234/129 | Not applicable | Allow | No | Invalid CIDR. |

  The following are a few examples of a domain name as a host:

  | Domain Name | Action | Is configuration valid? | Explanation |
  |---|---|---|---|
  | abc123.com | Deny | Yes | Traffic that contains abc123.com as URI Parameter value will be blocked with SSRF violation. |
  | *.help.com | Allow | Yes | Traffic that contains any subdomain of domain help.com as URI Parameter value will be allowed. |
  | a$b.com | Deny | No | The domain name should not contain any special character. |
  | a..b.com | Deny | No | An empty subdomain is not valid. |
- Click Save and then Apply Policy.
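
A pre-check for proposed host entries against the rules in the tables above, written as an added example; it is not F5 code and does not reproduce BIG-IP's own validation. The function names, the letters-digits-hyphen reading of "special character", and the tolerance of host bits below the CIDR prefix are assumptions.

```python
import ipaddress
import re

# Assumption: "special character" means anything outside letters, digits, hyphen.
DOMAIN_RE = re.compile(r"(\*\.)?[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*")


def check_ssrf_host(entry):
    """Return (kind, valid, detail): detail is the covered range or the reason."""
    if ":" in entry or re.fullmatch(r"[0-9./]+", entry):
        return ("ip",) + _check_ip(entry)
    if ".." in entry or entry.startswith(".") or entry.endswith("."):
        return ("domain", False, "empty subdomain")
    if not DOMAIN_RE.fullmatch(entry):
        return ("domain", False, "special character in domain name")
    return ("domain", True, entry)


def _check_ip(entry):
    addr = entry.split("/", 1)[0]
    # Rule from the table: an IPv4 octet must not start with two zeros.
    if ":" not in addr and any(o.startswith("00") for o in addr.split(".")):
        return (False, "octet starts with two consecutive zeros")
    try:
        # strict=False: host bits set below the prefix are tolerated (assumption).
        net = ipaddress.ip_network(entry, strict=False)
    except ValueError as exc:
        # Covers octets above 255, a repeated "::" and out-of-range prefixes.
        return (False, str(exc))
    first, last = net.network_address.exploded, net.broadcast_address.exploded
    return (True, first if first == last else f"{first} - {last}")


# Constructed sample input: entries taken from the two tables above.
SAMPLES = [
    "10.20.30.40", "100.200.254.50/32", "200.0.0.0/24", "255.255.255.256",
    "001.2.3.4", "2001:0db8:85a3:0000:0000:8a2e:0370:7334",
    "2002:0000:0000:1234:0000:0000:0000:0000/64", "56FE::2159:5BBC::6594",
    "56FE::2159:5BBC::1234/129", "abc123.com", "*.help.com", "a$b.com",
    "a..b.com",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_ssrf_host(sample))
```

Running the range output past the intended scope before saving catches a Deny or Allow entry that covers more addresses than expected, such as a /24 entered where a single host was meant.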