Jump to content
rev.dennis

Enable Apache Struts Protection via F5 ASM module

Recommended Posts

Here are the steps that were followed to protect environment from Apache Struts vulnerabilities

Security – app secuirty – attack signatures – attack signature configuration
Enable Staging
Save – Apply Policy

Security – options – app security – attack signatures – attack signatures update
Delivery Mode: Manual
Browse to File
Click Update Signatures

Security – Options – Application Security – Attack Signatures – attack signature set
Create
apache_struts_CVE…
Type: Manual
200004224
200003458
200003470
200004174
200003440
200100310

Security – Application Security – Attack Signatures – Attack Signature List
Filter Details
Search Signature ID (remove from Staging)
200004224
200003458
200003470
200004174
200003440
200100310
Search Containg String (remove from Staging)
sig.java.lang.processbuilder
“/bin” execution attempt (Headers)
Automated client access “curl”
Java Code Injection (java packages) (Header)
Java code injection – java/lang/Process (Header)
Java code injection java.lang.System (Header)
Java code injection ognl.OgnlContext (Header)
APPLY Policy

Security – Application Security – Content Profiles – XML Profiles
Create
Apache_Struts_Profile
Defense Configuration:
Allow DTDs
Tolerate Leading White Space
Create

Security – Application Security – URLs – Allowed URLs
Next to HTTPS click *
Advanced
Header-Based Content Profiles
Request Header Name: Content-Type
Request Header Value: *xml*
Request Body Handling: XML
Click ADD
Click UPDATE

Same thing for HTTP

APPLY Policy

Share this post


Link to post
Share on other sites

×
×
  • Create New...