Documentation - V-266149

Title

The F5 BIG-IP appliance that provides intermediary services for HTTP must inspect inbound and outbound HTTP traffic for protocol compliance and protocol anomalies.

Description

<VulnDiscussion>Application protocol anomaly detection examines application layer protocols such as HTTP to identify attacks based on observed deviations in the normal RFC behavior of a protocol or service. This type of monitoring allows for the detection of known and unknown exploits which exploit weaknesses of commonly used protocols. Since protocol anomaly analysis examines the application payload for patterns or anomalies, an HTTP proxy must be included in the ALG. This ALG will be configur...

Fix Text (Documentation Requirement)

Application Security Policy: From the BIG-IP GUI: 1. Security. 2. Application Security. 3. Policy Building. 4. Learning and Blocking Settings. 5. Select the correct policy from the drop-down in the upper left. 6. Expand "HTTP protocol compliance failed". 7. Select the proper inspection criteria. 8. Click "Save". 9. Click "Apply Policy". HTTP Virtual Server: From the BIG-IP GUI: 1. Local Traffic. 2. Virtual Servers. 3. Virtual Server List. 4. Click the name of the HTTP virtual server. 5. Security >> Policies tab. 6. Set "Application Security Policy" to "Enabled". 7. Select the correct policy from the drop-down. 8. Click "Update". Refer to vendor documentation for more information.