Forum Discussion

Arjun
Aug 04, 2024

Attack requests with GET method

Observed certain attacks with GET requests. The attacks were observed for only one minute and look like they were run with a scan tool, although I am not very well versed in application attack vectors.

Could someone help me understand these requests and their impact on the application? The F5 passed the requests, mainly because the URLs have a wildcard in staging.

 

GET
/webui
/manager/html
/solr/admin/cores
/favicon.ico
/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance
/solr/admin/collections
/openstack/latest
/Onboarding/Import
/dynamic/instance-identity/document
/file=http:/www.w3.org/1999/xhtml

POST
/solr/gettingstarted_shard1_replica_n1/config
/jars/upload
/Onboarding/Import
/WEB_VMS/LEVEL15/
/api/session
/cps/test_backup_server
/ZMC_Admin_Login
/api/authentication/login

 

Thank you all

2 Replies

  • Do you enable learning mode in the WAF profile?

    Learning should be enabled only for traffic from legitimate testers.
    The resulting profile is then applied to live traffic.

  • Hi, these are all application-related paths, and it will forward only if the application allows. GET is used for retrieving data like searching, filtering, or paging, whereas POST is used for submitting forms, modifying data, or creating new resources. If you have the ASM module, you can make a better security policy in Layer and block unwanted threats and attacks.

     

    Check F5 ASM features use cases
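
One way to triage a burst like the one in the question from a web server access log, as an added example that is not part of the original thread: it flags any client that requests paths belonging to several unrelated products within one minute. The function names, the thresholds, the combined log format and the product labels attached to the path prefixes are assumptions of this example; the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Prefixes of paths listed in the question; the product labels are this
# example's assumption (general knowledge), not statements from the thread.
PROBE_PREFIXES = {
    "/manager/html": "Apache Tomcat Manager",
    "/solr/": "Apache Solr API",
    "/latest/meta-data/": "cloud instance metadata",
    "/dynamic/instance-identity/": "cloud instance metadata",
    "/openstack/": "cloud instance metadata",
}
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d{3}')

def classify(path):
    for prefix, product in PROBE_PREFIXES.items():
        if path.startswith(prefix):
            return product
    return "unknown"

def find_scan_bursts(lines, window=timedelta(seconds=60), min_products=3):
    """Return {client_ip: [products]} for clients that requested paths of at
    least min_products unrelated products within one time window."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if m and classify(m.group(3)) != "unknown":
            when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            hits[m.group(1)].append((when, classify(m.group(3))))
    bursts = {}
    for ip, events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            products = {p for t, p in events[i:] if t - start <= window}
            if len(products) >= min_products:
                bursts[ip] = sorted(products)
                break
    return bursts

# Constructed sample in combined log format (documentation IP ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:15:02 +0000] "GET /manager/html HTTP/1.1" 404 153',
    '203.0.113.7 - - [01/Jan/2024:10:15:09 +0000] "GET /solr/admin/cores HTTP/1.1" 404 153',
    '203.0.113.7 - - [01/Jan/2024:10:15:20 +0000] "GET /latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance HTTP/1.1" 404 153',
    '198.51.100.20 - - [01/Jan/2024:10:15:05 +0000] "GET /favicon.ico HTTP/1.1" 200 318',
    '198.51.100.20 - - [01/Jan/2024:10:20:00 +0000] "GET /solr/admin/cores HTTP/1.1" 404 153',
]
print(find_scan_bursts(SAMPLE_LOG))
```

A flagged client was sweeping for products the site may not run at all; the follow-up check is whether any of those paths returned something other than an error.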