Enable Apache Struts Protection via F5 ASM module

September 13, 20178 yr

Here are the steps that were followed to protect environment from Apache Struts vulnerabilities

Security - app secuirty - attack signatures - attack signature configuration
Enable Staging
Save - Apply Policy

Security - options - app security - attack signatures - attack signatures update
Delivery Mode: Manual
Browse to File
Click Update Signatures

Security - Options - Application Security - Attack Signatures - attack signature set
Create
apache_struts_CVE...
Type: Manual
200004224
200003458
200003470
200004174
200003440
200100310

Security - Application Security - Attack Signatures - Attack Signature List
Filter Details
Search Signature ID (remove from Staging)
200004224
200003458
200003470
200004174
200003440
200100310
Search Containg String (remove from Staging)
sig.java.lang.processbuilder
"/bin" execution attempt (Headers)
Automated client access "curl"
Java Code Injection (java packages) (Header)
Java code injection - java/lang/Process (Header)
Java code injection java.lang.System (Header)
Java code injection ognl.OgnlContext (Header)
APPLY Policy

Security - Application Security - Content Profiles - XML Profiles
Create
Apache_Struts_Profile
Defense Configuration:
Allow DTDs
Tolerate Leading White Space
Create

Security - Application Security - URLs - Allowed URLs
Next to HTTPS click *
Advanced
Header-Based Content Profiles
Request Header Name: Content-Type
Request Header Value: *xml*
Request Body Handling: XML
Click ADD
Click UPDATE

Same thing for HTTP

APPLY Policy

Enable Apache Struts Protection via F5 ASM module

Featured Replies

Create an account or sign in to comment

Important Information

Account

Navigation

Search

Configure browser push notifications

Chrome (Android)

Chrome (Desktop)

Safari (iOS 16.4+)

Safari (macOS)

Edge (Android)

Edge (Desktop)

Firefox (Android)

Firefox (Desktop)