"}},"component({\"componentId\":\"custom.widget.Consent_Blackbar\"})":{"__typename":"Component","render({\"context\":{\"component\":{\"entities\":[],\"props\":{}},\"page\":{\"entities\":[],\"name\":\"TagPage\",\"props\":{},\"url\":\"https://community.f5.com\"}}})":{"__typename":"ComponentRenderResult","html":""}},"component({\"componentId\":\"custom.widget.Tag_Manager_Helper\"})":{"__typename":"Component","render({\"context\":{\"component\":{\"entities\":[],\"props\":{}},\"page\":{\"entities\":[],\"name\":\"TagPage\",\"props\":{},\"url\":\"https://community.f5.com\"}}})":{"__typename":"ComponentRenderResult","html":" "}},"tagFollowsForNodes({\"nodeIds\":\"board:TechnicalArticles\",\"tagText\":\"security\"})":[{"__typename":"TagFollowForNodeResponse","coreNode":{"__ref":"Tkb:board:TechnicalArticles"},"follow":null}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/community/NavbarDropdownToggle\"]})":[{"__ref":"CachedAsset:text:en_US-components/community/NavbarDropdownToggle-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/common/OverflowNav\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/common/OverflowNav-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageView/MessageViewInline\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageView/MessageViewInline-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/common/Pager/PagerLoadMore\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/common/Pager/PagerLoadMore-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/users/UserLink\"]})":[{"__ref":"CachedAsset:text:en_US-components/users/UserLink-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageSubject\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageSubject-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageBody\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageBody-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageTime\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageTime-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/nodes/NodeIcon\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/nodes/NodeIcon-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageUnreadCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageUnreadCount-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageViewCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageViewCount-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/kudos/KudosCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/kudos/KudosCount-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageRepliesCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageRepliesCount-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/users/UserAvatar\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/users/UserAvatar-1728320186000"}]},"CachedAsset:pages-1737018511617":{"__typename":"CachedAsset","id":"pages-1737018511617","value":[{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"BlogViewAllPostsPage","type":"BLOG","urlPath":"/category/:categoryId/blog/:boardId/all-posts/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"CasePortalPage","type":"CASE_PORTAL","urlPath":"/caseportal","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"CreateGroupHubPage","type":"GROUP_HUB","urlPath":"/groups/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"CaseViewPage","type":"CASE_DETAILS","urlPath":"/case/:caseId/:caseNumber","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"InboxPage","type":"COMMUNITY","urlPath":"/inbox","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"HelpFAQPage","type":"COMMUNITY","urlPath":"/help","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"IdeaMessagePage","type":"IDEA_POST","urlPath":"/idea/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"IdeaViewAllIdeasPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId/all-ideas/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"LoginPage","type":"USER","urlPath":"/signin","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"BlogPostPage","type":"BLOG","urlPath":"/category/:categoryId/blogs/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"ThemeEditorPage","type":"COMMUNITY","urlPath":"/designer/themes","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"TkbViewAllArticlesPage","type":"TKB","urlPath":"/category/:categoryId/kb/:boardId/all-articles/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"OccasionEditPage","type":"EVENT","urlPath":"/event/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"OAuthAuthorizationAllowPage","type":"USER","urlPath":"/auth/authorize/allow","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"PageEditorPage","type":"COMMUNITY","urlPath":"/designer/pages","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"PostPage","type":"COMMUNITY","urlPath":"/category/:categoryId/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"ForumBoardPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"TkbBoardPage","type":"TKB","urlPath":"/category/:categoryId/kb/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"EventPostPage","type":"EVENT","urlPath":"/category/:categoryId/events/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"UserBadgesPage","type":"COMMUNITY","urlPath":"/users/:login/:userId/badges","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"GroupHubMembershipAction","type":"GROUP_HUB","urlPath":"/membership/join/:nodeId/:membershipType","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"IdeaReplyPage","type":"IDEA_REPLY","urlPath":"/idea/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"UserSettingsPage","type":"USER","urlPath":"/mysettings/:userSettingsTab","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"GroupHubsPage","type":"GROUP_HUB","urlPath":"/groups","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"ForumPostPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"OccasionRsvpActionPage","type":"OCCASION","urlPath":"/event/:boardId/:messageSubject/:messageId/rsvp/:responseType","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"VerifyUserEmailPage","type":"USER","urlPath":"/verifyemail/:userId/:verifyEmailToken","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"AllOccasionsPage","type":"OCCASION","urlPath":"/category/:categoryId/events/:boardId/all-events/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"EventBoardPage","type":"EVENT","urlPath":"/category/:categoryId/events/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"TkbReplyPage","type":"TKB_REPLY","urlPath":"/kb/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"IdeaBoardPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"CommunityGuideLinesPage","type":"COMMUNITY","urlPath":"/communityguidelines","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"CaseCreatePage","type":"SALESFORCE_CASE_CREATION","urlPath":"/caseportal/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"TkbEditPage","type":"TKB","urlPath":"/kb/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"ForgotPasswordPage","type":"USER","urlPath":"/forgotpassword","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"IdeaEditPage","type":"IDEA","urlPath":"/idea/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"TagPage","type":"COMMUNITY","urlPath":"/tag/:tagName","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"BlogBoardPage","type":"BLOG","urlPath":"/category/:categoryId/blog/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"OccasionMessagePage","type":"OCCASION_TOPIC","urlPath":"/event/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"ManageContentPage","type":"COMMUNITY","urlPath":"/managecontent","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"ClosedMembershipNodeNonMembersPage","type":"GROUP_HUB","urlPath":"/closedgroup/:groupHubId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"CommunityPage","type":"COMMUNITY","urlPath":"/","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"ForumMessagePage","type":"FORUM_TOPIC","urlPath":"/discussions/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"IdeaPostPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"BlogMessagePage","type":"BLOG_ARTICLE","urlPath":"/blog/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"RegistrationPage","type":"USER","urlPath":"/register","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"EditGroupHubPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"ForumEditPage","type":"FORUM","urlPath":"/discussions/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"ResetPasswordPage","type":"USER","urlPath":"/resetpassword/:userId/:resetPasswordToken","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"TkbMessagePage","type":"TKB_ARTICLE","urlPath":"/kb/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"BlogEditPage","type":"BLOG","urlPath":"/blog/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"ManageUsersPage","type":"USER","urlPath":"/users/manage/:tab?/:manageUsersTab?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"ForumReplyPage","type":"FORUM_REPLY","urlPath":"/discussions/:boardId/:messageSubject/:messageId/replies/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"PrivacyPolicyPage","type":"COMMUNITY","urlPath":"/privacypolicy","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"NotificationPage","type":"COMMUNITY","urlPath":"/notifications","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"UserPage","type":"USER","urlPath":"/users/:login/:userId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"OccasionReplyPage","type":"OCCASION_REPLY","urlPath":"/event/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"ManageMembersPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/manage/:tab?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"SearchResultsPage","type":"COMMUNITY","urlPath":"/search","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"BlogReplyPage","type":"BLOG_REPLY","urlPath":"/blog/:boardId/:messageSubject/:messageId/replies/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"GroupHubPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"TermsOfServicePage","type":"COMMUNITY","urlPath":"/termsofservice","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"CategoryPage","type":"CATEGORY","urlPath":"/category/:categoryId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"ForumViewAllTopicsPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId/all-topics/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"TkbPostPage","type":"TKB","urlPath":"/category/:categoryId/kbs/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737018511617,"localOverride":null,"page":{"id":"GroupHubPostPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"}],"localOverride":false},"CachedAsset:text:en_US-components/context/AppContext/AppContextProvider-0":{"__typename":"CachedAsset","id":"text:en_US-components/context/AppContext/AppContextProvider-0","value":{"noCommunity":"Cannot find community","noUser":"Cannot find current user","noNode":"Cannot find node with id {nodeId}","noMessage":"Cannot find message with id {messageId}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Loading/LoadingDot-0":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Loading/LoadingDot-0","value":{"title":"Loading..."},"localOverride":false},"User:user:-1":{"__typename":"User","id":"user:-1","uid":-1,"login":"Former Member","email":"","avatar":null,"rank":null,"kudosWeight":1,"registrationData":{"__typename":"RegistrationData","status":"ANONYMOUS","registrationTime":null,"confirmEmailStatus":false,"registrationAccessLevel":"VIEW","ssoRegistrationFields":[]},"ssoId":null,"profileSettings":{"__typename":"ProfileSettings","dateDisplayStyle":{"__typename":"InheritableStringSettingWithPossibleValues","key":"layout.friendly_dates_enabled","value":"false","localValue":"true","possibleValues":["true","false"]},"dateDisplayFormat":{"__typename":"InheritableStringSetting","key":"layout.format_pattern_date","value":"dd-MMM-yyyy","localValue":"MM-dd-yyyy"},"language":{"__typename":"InheritableStringSettingWithPossibleValues","key":"profile.language","value":"en-US","localValue":"en","possibleValues":["en-US"]}},"deleted":false},"Theme:customTheme1":{"__typename":"Theme","id":"customTheme1"},"CachedAsset:theme:customTheme1-1737018511180":{"__typename":"CachedAsset","id":"theme:customTheme1-1737018511180","value":{"id":"customTheme1","animation":{"fast":"150ms","normal":"250ms","slow":"500ms","slowest":"750ms","function":"cubic-bezier(0.07, 0.91, 0.51, 1)","__typename":"AnimationThemeSettings"},"avatar":{"borderRadius":"50%","collections":["custom"],"__typename":"AvatarThemeSettings"},"basics":{"browserIcon":{"imageAssetName":"JimmyPackets-512-1702592938213.png","imageLastModified":"1702592945815","__typename":"ThemeAsset"},"customerLogo":{"imageAssetName":"f5_logo_fix-1704824537976.svg","imageLastModified":"1704824540697","__typename":"ThemeAsset"},"maximumWidthOfPageContent":"1600px","oneColumnNarrowWidth":"800px","gridGutterWidthMd":"30px","gridGutterWidthXs":"10px","pageWidthStyle":"WIDTH_OF_PAGE_CONTENT","__typename":"BasicsThemeSettings"},"buttons":{"borderRadiusSm":"5px","borderRadius":"5px","borderRadiusLg":"5px","paddingY":"5px","paddingYLg":"7px","paddingYHero":"var(--lia-bs-btn-padding-y-lg)","paddingX":"12px","paddingXLg":"14px","paddingXHero":"42px","fontStyle":"NORMAL","fontWeight":"400","textTransform":"NONE","disabledOpacity":0.5,"primaryTextColor":"var(--lia-bs-white)","primaryTextHoverColor":"var(--lia-bs-white)","primaryTextActiveColor":"var(--lia-bs-white)","primaryBgColor":"var(--lia-bs-primary)","primaryBgHoverColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) * 0.85))","primaryBgActiveColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) * 0.7))","primaryBorder":"1px solid transparent","primaryBorderHover":"1px solid transparent","primaryBorderActive":"1px solid transparent","primaryBorderFocus":"1px solid var(--lia-bs-white)","primaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","secondaryTextColor":"var(--lia-bs-gray-900)","secondaryTextHoverColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.95))","secondaryTextActiveColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.9))","secondaryBgColor":"var(--lia-bs-gray-400)","secondaryBgHoverColor":"hsl(var(--lia-bs-gray-400-h), var(--lia-bs-gray-400-s), calc(var(--lia-bs-gray-400-l) * 0.96))","secondaryBgActiveColor":"hsl(var(--lia-bs-gray-400-h), var(--lia-bs-gray-400-s), calc(var(--lia-bs-gray-400-l) * 0.92))","secondaryBorder":"1px solid transparent","secondaryBorderHover":"1px solid transparent","secondaryBorderActive":"1px solid transparent","secondaryBorderFocus":"1px solid transparent","secondaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","tertiaryTextColor":"var(--lia-bs-gray-900)","tertiaryTextHoverColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.95))","tertiaryTextActiveColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.9))","tertiaryBgColor":"transparent","tertiaryBgHoverColor":"transparent","tertiaryBgActiveColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.04)","tertiaryBorder":"1px solid transparent","tertiaryBorderHover":"1px solid hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","tertiaryBorderActive":"1px solid transparent","tertiaryBorderFocus":"1px solid transparent","tertiaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","destructiveTextColor":"var(--lia-bs-danger)","destructiveTextHoverColor":"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) * 0.95))","destructiveTextActiveColor":"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) * 0.9))","destructiveBgColor":"var(--lia-bs-gray-300)","destructiveBgHoverColor":"hsl(var(--lia-bs-gray-300-h), var(--lia-bs-gray-300-s), calc(var(--lia-bs-gray-300-l) * 0.96))","destructiveBgActiveColor":"hsl(var(--lia-bs-gray-300-h), var(--lia-bs-gray-300-s), calc(var(--lia-bs-gray-300-l) * 0.92))","destructiveBorder":"1px solid transparent","destructiveBorderHover":"1px solid transparent","destructiveBorderActive":"1px solid transparent","destructiveBorderFocus":"1px solid transparent","destructiveBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","__typename":"ButtonsThemeSettings"},"border":{"color":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","mainContent":"NONE","sideContent":"NONE","radiusSm":"3px","radius":"5px","radiusLg":"9px","radius50":"100vw","__typename":"BorderThemeSettings"},"boxShadow":{"xs":"0 0 0 1px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.08), 0 3px 0 -1px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.08)","sm":"0 2px 4px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.06)","md":"0 5px 15px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.15)","lg":"0 10px 30px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.15)","__typename":"BoxShadowThemeSettings"},"cards":{"bgColor":"var(--lia-panel-bg-color)","borderRadius":"var(--lia-panel-border-radius)","boxShadow":"var(--lia-box-shadow-xs)","__typename":"CardsThemeSettings"},"chip":{"maxWidth":"300px","height":"30px","__typename":"ChipThemeSettings"},"coreTypes":{"defaultMessageLinkColor":"var(--lia-bs-primary)","defaultMessageLinkDecoration":"none","defaultMessageLinkFontStyle":"NORMAL","defaultMessageLinkFontWeight":"400","defaultMessageFontStyle":"NORMAL","defaultMessageFontWeight":"400","forumColor":"#0C5C8D","forumFontFamily":"var(--lia-bs-font-family-base)","forumFontWeight":"var(--lia-default-message-font-weight)","forumLineHeight":"var(--lia-bs-line-height-base)","forumFontStyle":"var(--lia-default-message-font-style)","forumMessageLinkColor":"var(--lia-default-message-link-color)","forumMessageLinkDecoration":"var(--lia-default-message-link-decoration)","forumMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","forumMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","forumSolvedColor":"#62C026","blogColor":"#730015","blogFontFamily":"var(--lia-bs-font-family-base)","blogFontWeight":"var(--lia-default-message-font-weight)","blogLineHeight":"1.75","blogFontStyle":"var(--lia-default-message-font-style)","blogMessageLinkColor":"var(--lia-default-message-link-color)","blogMessageLinkDecoration":"var(--lia-default-message-link-decoration)","blogMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","blogMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","tkbColor":"#C20025","tkbFontFamily":"var(--lia-bs-font-family-base)","tkbFontWeight":"var(--lia-default-message-font-weight)","tkbLineHeight":"1.75","tkbFontStyle":"var(--lia-default-message-font-style)","tkbMessageLinkColor":"var(--lia-default-message-link-color)","tkbMessageLinkDecoration":"var(--lia-default-message-link-decoration)","tkbMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","tkbMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","qandaColor":"#4099E2","qandaFontFamily":"var(--lia-bs-font-family-base)","qandaFontWeight":"var(--lia-default-message-font-weight)","qandaLineHeight":"var(--lia-bs-line-height-base)","qandaFontStyle":"var(--lia-default-message-link-font-style)","qandaMessageLinkColor":"var(--lia-default-message-link-color)","qandaMessageLinkDecoration":"var(--lia-default-message-link-decoration)","qandaMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","qandaMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","qandaSolvedColor":"#3FA023","ideaColor":"#F3704B","ideaFontFamily":"var(--lia-bs-font-family-base)","ideaFontWeight":"var(--lia-default-message-font-weight)","ideaLineHeight":"var(--lia-bs-line-height-base)","ideaFontStyle":"var(--lia-default-message-font-style)","ideaMessageLinkColor":"var(--lia-default-message-link-color)","ideaMessageLinkDecoration":"var(--lia-default-message-link-decoration)","ideaMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","ideaMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","contestColor":"#FCC845","contestFontFamily":"var(--lia-bs-font-family-base)","contestFontWeight":"var(--lia-default-message-font-weight)","contestLineHeight":"var(--lia-bs-line-height-base)","contestFontStyle":"var(--lia-default-message-link-font-style)","contestMessageLinkColor":"var(--lia-default-message-link-color)","contestMessageLinkDecoration":"var(--lia-default-message-link-decoration)","contestMessageLinkFontStyle":"ITALIC","contestMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","occasionColor":"#EE4B5B","occasionFontFamily":"var(--lia-bs-font-family-base)","occasionFontWeight":"var(--lia-default-message-font-weight)","occasionLineHeight":"var(--lia-bs-line-height-base)","occasionFontStyle":"var(--lia-default-message-font-style)","occasionMessageLinkColor":"var(--lia-default-message-link-color)","occasionMessageLinkDecoration":"var(--lia-default-message-link-decoration)","occasionMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","occasionMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","grouphubColor":"#491B62","categoryColor":"#949494","communityColor":"#FFFFFF","productColor":"#949494","__typename":"CoreTypesThemeSettings"},"colors":{"black":"#000000","white":"#FFFFFF","gray100":"#F7F7F7","gray200":"#F7F7F7","gray300":"#E8E8E8","gray400":"#D9D9D9","gray500":"#CCCCCC","gray600":"#949494","gray700":"#707070","gray800":"#545454","gray900":"#333333","dark":"#545454","light":"#F7F7F7","primary":"#0C5C8D","secondary":"#333333","bodyText":"#222222","bodyBg":"#F5F5F5","info":"#1D9CD3","success":"#62C026","warning":"#FFD651","danger":"#C20025","alertSystem":"#FF6600","textMuted":"#707070","highlight":"#FFFCAD","outline":"var(--lia-bs-primary)","custom":["#C20025","#081B85","#009639","#B3C6D7","#7CC0EB","#F29A36"],"__typename":"ColorsThemeSettings"},"divider":{"size":"3px","marginLeft":"4px","marginRight":"4px","borderRadius":"50%","bgColor":"var(--lia-bs-gray-600)","bgColorActive":"var(--lia-bs-gray-600)","__typename":"DividerThemeSettings"},"dropdown":{"fontSize":"var(--lia-bs-font-size-sm)","borderColor":"var(--lia-bs-border-color)","borderRadius":"var(--lia-bs-border-radius-sm)","dividerBg":"var(--lia-bs-gray-300)","itemPaddingY":"5px","itemPaddingX":"20px","headerColor":"var(--lia-bs-gray-700)","__typename":"DropdownThemeSettings"},"email":{"link":{"color":"#0069D4","hoverColor":"#0061c2","decoration":"none","hoverDecoration":"underline","__typename":"EmailLinkSettings"},"border":{"color":"#e4e4e4","__typename":"EmailBorderSettings"},"buttons":{"borderRadiusLg":"5px","paddingXLg":"16px","paddingYLg":"7px","fontWeight":"700","primaryTextColor":"#ffffff","primaryTextHoverColor":"#ffffff","primaryBgColor":"#0069D4","primaryBgHoverColor":"#005cb8","primaryBorder":"1px solid transparent","primaryBorderHover":"1px solid transparent","__typename":"EmailButtonsSettings"},"panel":{"borderRadius":"5px","borderColor":"#e4e4e4","__typename":"EmailPanelSettings"},"__typename":"EmailThemeSettings"},"emoji":{"skinToneDefault":"#ffcd43","skinToneLight":"#fae3c5","skinToneMediumLight":"#e2cfa5","skinToneMedium":"#daa478","skinToneMediumDark":"#a78058","skinToneDark":"#5e4d43","__typename":"EmojiThemeSettings"},"heading":{"color":"var(--lia-bs-body-color)","fontFamily":"Inter","fontStyle":"NORMAL","fontWeight":"600","h1FontSize":"30px","h2FontSize":"25px","h3FontSize":"20px","h4FontSize":"18px","h5FontSize":"16px","h6FontSize":"16px","lineHeight":"1.2","subHeaderFontSize":"11px","subHeaderFontWeight":"500","h1LetterSpacing":"normal","h2LetterSpacing":"normal","h3LetterSpacing":"normal","h4LetterSpacing":"normal","h5LetterSpacing":"normal","h6LetterSpacing":"normal","subHeaderLetterSpacing":"2px","h1FontWeight":null,"h2FontWeight":null,"h3FontWeight":null,"h4FontWeight":null,"h5FontWeight":null,"h6FontWeight":null,"__typename":"HeadingThemeSettings"},"icons":{"size10":"10px","size12":"12px","size14":"14px","size16":"16px","size20":"20px","size24":"24px","size30":"30px","size40":"40px","size50":"50px","size60":"60px","size80":"80px","size120":"120px","size160":"160px","__typename":"IconsThemeSettings"},"imagePreview":{"bgColor":"var(--lia-bs-gray-900)","titleColor":"var(--lia-bs-white)","controlColor":"var(--lia-bs-white)","controlBgColor":"var(--lia-bs-gray-800)","__typename":"ImagePreviewThemeSettings"},"input":{"borderColor":"var(--lia-bs-gray-600)","disabledColor":"var(--lia-bs-gray-600)","focusBorderColor":"var(--lia-bs-primary)","labelMarginBottom":"10px","btnFontSize":"var(--lia-bs-font-size-sm)","focusBoxShadow":"0 0 0 3px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","checkLabelMarginBottom":"2px","checkboxBorderRadius":"3px","borderRadiusSm":"var(--lia-bs-border-radius-sm)","borderRadius":"var(--lia-bs-border-radius)","borderRadiusLg":"var(--lia-bs-border-radius-lg)","formTextMarginTop":"4px","textAreaBorderRadius":"var(--lia-bs-border-radius)","activeFillColor":"var(--lia-bs-primary)","__typename":"InputThemeSettings"},"loading":{"dotDarkColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.2)","dotLightColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.5)","barDarkColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.06)","barLightColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.4)","__typename":"LoadingThemeSettings"},"link":{"color":"var(--lia-bs-primary)","hoverColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) - 10%))","decoration":"none","hoverDecoration":"underline","__typename":"LinkThemeSettings"},"listGroup":{"itemPaddingY":"15px","itemPaddingX":"15px","borderColor":"var(--lia-bs-gray-300)","__typename":"ListGroupThemeSettings"},"modal":{"contentTextColor":"var(--lia-bs-body-color)","contentBg":"var(--lia-bs-white)","backgroundBg":"var(--lia-bs-black)","smSize":"440px","mdSize":"760px","lgSize":"1080px","backdropOpacity":0.3,"contentBoxShadowXs":"var(--lia-bs-box-shadow-sm)","contentBoxShadow":"var(--lia-bs-box-shadow)","headerFontWeight":"700","__typename":"ModalThemeSettings"},"navbar":{"position":"FIXED","background":{"attachment":null,"clip":null,"color":"var(--lia-bs-white)","imageAssetName":null,"imageLastModified":"0","origin":null,"position":"CENTER_CENTER","repeat":"NO_REPEAT","size":"COVER","__typename":"BackgroundProps"},"backgroundOpacity":0.8,"paddingTop":"15px","paddingBottom":"15px","borderBottom":"1px solid var(--lia-bs-border-color)","boxShadow":"var(--lia-bs-box-shadow-sm)","brandMarginRight":"30px","brandMarginRightSm":"10px","brandLogoHeight":"30px","linkGap":"10px","linkJustifyContent":"flex-start","linkPaddingY":"5px","linkPaddingX":"10px","linkDropdownPaddingY":"9px","linkDropdownPaddingX":"var(--lia-nav-link-px)","linkColor":"var(--lia-bs-body-color)","linkHoverColor":"var(--lia-bs-primary)","linkFontSize":"var(--lia-bs-font-size-sm)","linkFontStyle":"NORMAL","linkFontWeight":"400","linkTextTransform":"NONE","linkLetterSpacing":"normal","linkBorderRadius":"var(--lia-bs-border-radius-sm)","linkBgColor":"transparent","linkBgHoverColor":"transparent","linkBorder":"none","linkBorderHover":"none","linkBoxShadow":"none","linkBoxShadowHover":"none","linkTextBorderBottom":"none","linkTextBorderBottomHover":"none","dropdownPaddingTop":"10px","dropdownPaddingBottom":"15px","dropdownPaddingX":"10px","dropdownMenuOffset":"2px","dropdownDividerMarginTop":"10px","dropdownDividerMarginBottom":"10px","dropdownBorderColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","controllerBgHoverColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.1)","controllerIconColor":"var(--lia-bs-body-color)","controllerIconHoverColor":"var(--lia-bs-body-color)","controllerTextColor":"var(--lia-nav-controller-icon-color)","controllerTextHoverColor":"var(--lia-nav-controller-icon-hover-color)","controllerHighlightColor":"hsla(30, 100%, 50%)","controllerHighlightTextColor":"var(--lia-yiq-light)","controllerBorderRadius":"var(--lia-border-radius-50)","hamburgerColor":"var(--lia-nav-controller-icon-color)","hamburgerHoverColor":"var(--lia-nav-controller-icon-color)","hamburgerBgColor":"transparent","hamburgerBgHoverColor":"transparent","hamburgerBorder":"none","hamburgerBorderHover":"none","collapseMenuMarginLeft":"20px","collapseMenuDividerBg":"var(--lia-nav-link-color)","collapseMenuDividerOpacity":0.16,"__typename":"NavbarThemeSettings"},"pager":{"textColor":"var(--lia-bs-link-color)","textFontWeight":"var(--lia-font-weight-md)","textFontSize":"var(--lia-bs-font-size-sm)","__typename":"PagerThemeSettings"},"panel":{"bgColor":"var(--lia-bs-white)","borderRadius":"var(--lia-bs-border-radius)","borderColor":"var(--lia-bs-border-color)","boxShadow":"none","__typename":"PanelThemeSettings"},"popover":{"arrowHeight":"8px","arrowWidth":"16px","maxWidth":"300px","minWidth":"100px","headerBg":"var(--lia-bs-white)","borderColor":"var(--lia-bs-border-color)","borderRadius":"var(--lia-bs-border-radius)","boxShadow":"0 0.5rem 1rem hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.15)","__typename":"PopoverThemeSettings"},"prism":{"color":"#000000","bgColor":"#f5f2f0","fontFamily":"var(--font-family-monospace)","fontSize":"var(--lia-bs-font-size-base)","fontWeightBold":"var(--lia-bs-font-weight-bold)","fontStyleItalic":"italic","tabSize":2,"highlightColor":"#b3d4fc","commentColor":"#62707e","punctuationColor":"#6f6f6f","namespaceOpacity":"0.7","propColor":"#990055","selectorColor":"#517a00","operatorColor":"#906736","operatorBgColor":"hsla(0, 0%, 100%, 0.5)","keywordColor":"#0076a9","functionColor":"#d3284b","variableColor":"#c14700","__typename":"PrismThemeSettings"},"rte":{"bgColor":"var(--lia-bs-white)","borderRadius":"var(--lia-panel-border-radius)","boxShadow":" var(--lia-panel-box-shadow)","customColor1":"#bfedd2","customColor2":"#fbeeb8","customColor3":"#f8cac6","customColor4":"#eccafa","customColor5":"#c2e0f4","customColor6":"#2dc26b","customColor7":"#f1c40f","customColor8":"#e03e2d","customColor9":"#b96ad9","customColor10":"#3598db","customColor11":"#169179","customColor12":"#e67e23","customColor13":"#ba372a","customColor14":"#843fa1","customColor15":"#236fa1","customColor16":"#ecf0f1","customColor17":"#ced4d9","customColor18":"#95a5a6","customColor19":"#7e8c8d","customColor20":"#34495e","customColor21":"#000000","customColor22":"#ffffff","defaultMessageHeaderMarginTop":"14px","defaultMessageHeaderMarginBottom":"10px","defaultMessageItemMarginTop":"0","defaultMessageItemMarginBottom":"10px","diffAddedColor":"hsla(170, 53%, 51%, 0.4)","diffChangedColor":"hsla(43, 97%, 63%, 0.4)","diffNoneColor":"hsla(0, 0%, 80%, 0.4)","diffRemovedColor":"hsla(9, 74%, 47%, 0.4)","specialMessageHeaderMarginTop":"14px","specialMessageHeaderMarginBottom":"10px","specialMessageItemMarginTop":"0","specialMessageItemMarginBottom":"10px","__typename":"RteThemeSettings"},"tags":{"bgColor":"var(--lia-bs-gray-200)","bgHoverColor":"var(--lia-bs-gray-400)","borderRadius":"var(--lia-bs-border-radius-sm)","color":"var(--lia-bs-body-color)","hoverColor":"var(--lia-bs-body-color)","fontWeight":"var(--lia-font-weight-md)","fontSize":"var(--lia-font-size-xxs)","textTransform":"UPPERCASE","letterSpacing":"0.5px","__typename":"TagsThemeSettings"},"toasts":{"borderRadius":"var(--lia-bs-border-radius)","paddingX":"12px","__typename":"ToastsThemeSettings"},"typography":{"fontFamilyBase":"Atkinson Hyperlegible","fontStyleBase":"NORMAL","fontWeightBase":"400","fontWeightLight":"300","fontWeightNormal":"400","fontWeightMd":"500","fontWeightBold":"700","letterSpacingSm":"normal","letterSpacingXs":"normal","lineHeightBase":"1.3","fontSizeBase":"15px","fontSizeXxs":"11px","fontSizeXs":"12px","fontSizeSm":"13px","fontSizeLg":"20px","fontSizeXl":"24px","smallFontSize":"14px","customFonts":[],"__typename":"TypographyThemeSettings"},"unstyledListItem":{"marginBottomSm":"5px","marginBottomMd":"10px","marginBottomLg":"15px","marginBottomXl":"20px","marginBottomXxl":"25px","__typename":"UnstyledListItemThemeSettings"},"yiq":{"light":"#ffffff","dark":"#000000","__typename":"YiqThemeSettings"},"colorLightness":{"primaryDark":0.36,"primaryLight":0.74,"primaryLighter":0.89,"primaryLightest":0.95,"infoDark":0.39,"infoLight":0.72,"infoLighter":0.85,"infoLightest":0.93,"successDark":0.24,"successLight":0.62,"successLighter":0.8,"successLightest":0.91,"warningDark":0.39,"warningLight":0.68,"warningLighter":0.84,"warningLightest":0.93,"dangerDark":0.41,"dangerLight":0.72,"dangerLighter":0.89,"dangerLightest":0.95,"__typename":"ColorLightnessThemeSettings"},"localOverride":false,"__typename":"Theme"},"localOverride":false},"CachedAsset:text:en_US-components/common/EmailVerification-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/common/EmailVerification-1728320186000","value":{"email.verification.title":"Email Verification Required","email.verification.message.update.email":"To participate in the community, you must first verify your email address. The verification email was sent to {email}. To change your email, visit My Settings.","email.verification.message.resend.email":"To participate in the community, you must first verify your email address. The verification email was sent to {email}. Resend email."},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Loading/LoadingDot-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Loading/LoadingDot-1728320186000","value":{"title":"Loading..."},"localOverride":false},"CachedAsset:text:en_US-pages/tags/TagPage-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-pages/tags/TagPage-1728320186000","value":{"tagPageTitle":"Tag:\"{tagName}\" | {communityTitle}","tagPageForNodeTitle":"Tag:\"{tagName}\" in \"{title}\" | {communityTitle}","name":"Tags Page","tag":"Tag: {tagName}"},"localOverride":false},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bi0zNC0xM2k0MzE3N0Q2NjFBRDg5NDAy\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bi0zNC0xM2k0MzE3N0Q2NjFBRDg5NDAy","mimeType":"image/png"},"Category:category:Articles":{"__typename":"Category","id":"category:Articles","entityType":"CATEGORY","displayId":"Articles","nodeType":"category","depth":1,"title":"Articles","shortTitle":"Articles","parent":{"__ref":"Category:category:top"},"categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:top":{"__typename":"Category","id":"category:top","displayId":"top","nodeType":"category","depth":0,"title":"Top"},"Tkb:board:TechnicalArticles":{"__typename":"Tkb","id":"board:TechnicalArticles","entityType":"TKB","displayId":"TechnicalArticles","nodeType":"board","depth":2,"conversationStyle":"TKB","title":"Technical Articles","description":"F5 SMEs share good practice.","avatar":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bi0zNC0xM2k0MzE3N0Q2NjFBRDg5NDAy\"}"},"profileSettings":{"__typename":"ProfileSettings","language":null},"parent":{"__ref":"Category:category:Articles"},"ancestors":{"__typename":"CoreNodeConnection","edges":[{"__typename":"CoreNodeEdge","node":{"__ref":"Community:community:zihoc95639"}},{"__typename":"CoreNodeEdge","node":{"__ref":"Category:category:Articles"}}]},"userContext":{"__typename":"NodeUserContext","canAddAttachments":false,"canUpdateNode":false,"canPostMessages":false,"isSubscribed":false},"boardPolicies":{"__typename":"BoardPolicies","canPublishArticleOnCreate":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.forums.policy_can_publish_on_create_workflow_action.accessDenied","key":"error.lithium.policies.forums.policy_can_publish_on_create_workflow_action.accessDenied","args":[]}},"canReadNode":{"__typename":"PolicyResult","failureReason":null}},"tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"shortTitle":"Technical Articles","tagPolicies":{"__typename":"TagPolicies","canSubscribeTagOnNode":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.labels.action.corenode.subscribe_labels.allow.accessDenied","key":"error.lithium.policies.labels.action.corenode.subscribe_labels.allow.accessDenied","args":[]}},"canManageTagDashboard":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.labels.action.corenode.admin_labels.allow.accessDenied","key":"error.lithium.policies.labels.action.corenode.admin_labels.allow.accessDenied","args":[]}}}},"CachedAsset:quilt:f5.prod:pages/tags/TagPage:board:TechnicalArticles-1737018509496":{"__typename":"CachedAsset","id":"quilt:f5.prod:pages/tags/TagPage:board:TechnicalArticles-1737018509496","value":{"id":"TagPage","container":{"id":"Common","headerProps":{"removeComponents":["community.widget.bannerWidget"],"__typename":"QuiltContainerSectionProps"},"items":[{"id":"tag-header-widget","layout":"ONE_COLUMN","bgColor":"var(--lia-bs-white)","showBorder":"BOTTOM","sectionEditLevel":"LOCKED","columnMap":{"main":[{"id":"tags.widget.TagsHeaderWidget","__typename":"QuiltComponent"}],"__typename":"OneSectionColumns"},"__typename":"OneColumnQuiltSection"},{"id":"messages-list-for-tag-widget","layout":"ONE_COLUMN","columnMap":{"main":[{"id":"messages.widget.messageListForNodeByRecentActivityWidget","props":{"viewVariant":{"type":"inline","props":{"useUnreadCount":true,"useViewCount":true,"useAuthorLogin":true,"clampBodyLines":3,"useAvatar":true,"useBoardIcon":false,"useKudosCount":true,"usePreviewMedia":true,"useTags":false,"useNode":true,"useNodeLink":true,"useTextBody":true,"truncateBodyLength":-1,"useBody":true,"useRepliesCount":true,"useSolvedBadge":true,"timeStampType":"conversation.lastPostingActivityTime","useMessageTimeLink":true,"clampSubjectLines":2}},"panelType":"divider","useTitle":false,"hideIfEmpty":false,"pagerVariant":{"type":"loadMore"},"style":"list","showTabs":true,"tabItemMap":{"default":{"mostRecent":true,"mostRecentUserContent":false,"newest":false},"additional":{"mostKudoed":true,"mostViewed":true,"mostReplies":false,"noReplies":false,"noSolutions":false,"solutions":false}}},"__typename":"QuiltComponent"}],"__typename":"OneSectionColumns"},"__typename":"OneColumnQuiltSection"}],"__typename":"QuiltContainer"},"__typename":"Quilt"},"localOverride":false},"CachedAsset:quiltWrapper:f5.prod:Common:1737018456223":{"__typename":"CachedAsset","id":"quiltWrapper:f5.prod:Common:1737018456223","value":{"id":"Common","header":{"backgroundImageProps":{"assetName":"header.jpg","backgroundSize":"COVER","backgroundRepeat":"NO_REPEAT","backgroundPosition":"LEFT_CENTER","lastModified":"1702932449000","__typename":"BackgroundImageProps"},"backgroundColor":"transparent","items":[{"id":"custom.widget.Beta_MetaNav","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"community.widget.navbarWidget","props":{"showUserName":false,"showRegisterLink":true,"style":{"boxShadow":"var(--lia-bs-box-shadow-sm)","linkFontWeight":"700","controllerHighlightColor":"hsla(30, 100%, 50%)","dropdownDividerMarginBottom":"10px","hamburgerBorderHover":"none","linkFontSize":"15px","linkBoxShadowHover":"none","backgroundOpacity":0.4,"controllerBorderRadius":"var(--lia-border-radius-50)","hamburgerBgColor":"transparent","linkTextBorderBottom":"none","hamburgerColor":"var(--lia-nav-controller-icon-color)","brandLogoHeight":"48px","linkLetterSpacing":"normal","linkBgHoverColor":"transparent","collapseMenuDividerOpacity":0.16,"paddingBottom":"10px","dropdownPaddingBottom":"15px","dropdownMenuOffset":"2px","hamburgerBgHoverColor":"transparent","borderBottom":"0","hamburgerBorder":"none","dropdownPaddingX":"10px","brandMarginRightSm":"10px","linkBoxShadow":"none","linkJustifyContent":"center","linkColor":"var(--lia-bs-primary)","collapseMenuDividerBg":"var(--lia-nav-link-color)","dropdownPaddingTop":"10px","controllerHighlightTextColor":"var(--lia-yiq-dark)","background":{"imageAssetName":"","color":"var(--lia-bs-white)","size":"COVER","repeat":"NO_REPEAT","position":"CENTER_CENTER","imageLastModified":""},"linkBorderRadius":"var(--lia-bs-border-radius-sm)","linkHoverColor":"var(--lia-bs-primary)","position":"FIXED","linkBorder":"none","linkTextBorderBottomHover":"2px solid #0C5C8D","brandMarginRight":"30px","hamburgerHoverColor":"var(--lia-nav-controller-icon-color)","linkBorderHover":"none","collapseMenuMarginLeft":"20px","linkFontStyle":"NORMAL","linkPaddingX":"10px","paddingTop":"10px","linkPaddingY":"5px","linkTextTransform":"NONE","dropdownBorderColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","controllerBgHoverColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.1)","linkDropdownPaddingX":"var(--lia-nav-link-px)","linkBgColor":"transparent","linkDropdownPaddingY":"9px","controllerIconColor":"#0C5C8D","dropdownDividerMarginTop":"10px","linkGap":"10px","controllerIconHoverColor":"#0C5C8D"},"links":{"sideLinks":[],"mainLinks":[{"children":[{"linkType":"INTERNAL","id":"migrated-link-1","params":{"boardId":"TechnicalForum","categoryId":"Forums"},"routeName":"ForumBoardPage"},{"linkType":"INTERNAL","id":"migrated-link-2","params":{"boardId":"WaterCooler","categoryId":"Forums"},"routeName":"ForumBoardPage"}],"linkType":"INTERNAL","id":"migrated-link-0","params":{"categoryId":"Forums"},"routeName":"CategoryPage"},{"children":[{"linkType":"INTERNAL","id":"migrated-link-4","params":{"boardId":"codeshare","categoryId":"CrowdSRC"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"migrated-link-5","params":{"boardId":"communityarticles","categoryId":"CrowdSRC"},"routeName":"TkbBoardPage"}],"linkType":"INTERNAL","id":"migrated-link-3","params":{"categoryId":"CrowdSRC"},"routeName":"CategoryPage"},{"children":[{"linkType":"INTERNAL","id":"migrated-link-7","params":{"boardId":"TechnicalArticles","categoryId":"Articles"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"article-series","params":{"boardId":"article-series","categoryId":"Articles"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"security-insights","params":{"boardId":"security-insights","categoryId":"Articles"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"migrated-link-8","params":{"boardId":"DevCentralNews","categoryId":"Articles"},"routeName":"TkbBoardPage"}],"linkType":"INTERNAL","id":"migrated-link-6","params":{"categoryId":"Articles"},"routeName":"CategoryPage"},{"children":[{"linkType":"INTERNAL","id":"migrated-link-10","params":{"categoryId":"CommunityGroups"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"migrated-link-11","params":{"categoryId":"F5-Groups"},"routeName":"CategoryPage"}],"linkType":"INTERNAL","id":"migrated-link-9","params":{"categoryId":"GroupsCategory"},"routeName":"CategoryPage"},{"children":[],"linkType":"INTERNAL","id":"migrated-link-12","params":{"boardId":"Events","categoryId":"top"},"routeName":"EventBoardPage"},{"children":[],"linkType":"INTERNAL","id":"migrated-link-13","params":{"boardId":"Suggestions","categoryId":"top"},"routeName":"IdeaBoardPage"}]},"className":"QuiltComponent_lia-component-edit-mode__lQ9Z6","showSearchIcon":false},"__typename":"QuiltComponent"},{"id":"community.widget.bannerWidget","props":{"backgroundColor":"transparent","visualEffects":{"showBottomBorder":false},"backgroundImageProps":{"backgroundSize":"COVER","backgroundPosition":"CENTER_CENTER","backgroundRepeat":"NO_REPEAT"},"fontColor":"#222222"},"__typename":"QuiltComponent"},{"id":"community.widget.breadcrumbWidget","props":{"backgroundColor":"var(--lia-bs-primary)","linkHighlightColor":"#FFFFFF","visualEffects":{"showBottomBorder":false},"backgroundOpacity":60,"linkTextColor":"#FFFFFF"},"__typename":"QuiltComponent"}],"__typename":"QuiltWrapperSection"},"footer":{"backgroundImageProps":{"assetName":null,"backgroundSize":"COVER","backgroundRepeat":"NO_REPEAT","backgroundPosition":"CENTER_CENTER","lastModified":null,"__typename":"BackgroundImageProps"},"backgroundColor":"var(--lia-bs-body-color)","items":[{"id":"custom.widget.Beta_Footer","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"custom.widget.Tag_Manager_Helper","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"custom.widget.Consent_Blackbar","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"}],"__typename":"QuiltWrapperSection"},"__typename":"QuiltWrapper","localOverride":false},"localOverride":false},"CachedAsset:text:en_US-components/common/ActionFeedback-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/common/ActionFeedback-1728320186000","value":{"joinedGroupHub.title":"Welcome","joinedGroupHub.message":"You are now a member of this group and are subscribed to updates.","groupHubInviteNotFound.title":"Invitation Not Found","groupHubInviteNotFound.message":"Sorry, we could not find your invitation to the group. The owner may have canceled the invite.","groupHubNotFound.title":"Group Not Found","groupHubNotFound.message":"The grouphub you tried to join does not exist. It may have been deleted.","existingGroupHubMember.title":"Already Joined","existingGroupHubMember.message":"You are already a member of this group.","accountLocked.title":"Account Locked","accountLocked.message":"Your account has been locked due to multiple failed attempts. Try again in {lockoutTime} minutes.","editedGroupHub.title":"Changes Saved","editedGroupHub.message":"Your group has been updated.","leftGroupHub.title":"Goodbye","leftGroupHub.message":"You are no longer a member of this group and will not receive future updates.","deletedGroupHub.title":"Deleted","deletedGroupHub.message":"The group has been deleted.","groupHubCreated.title":"Group Created","groupHubCreated.message":"{groupHubName} is ready to use","accountClosed.title":"Account Closed","accountClosed.message":"The account has been closed and you will now be redirected to the homepage","resetTokenExpired.title":"Reset Password Link has Expired","resetTokenExpired.message":"Try resetting your password again","invalidUrl.title":"Invalid URL","invalidUrl.message":"The URL you're using is not recognized. Verify your URL and try again.","accountClosedForUser.title":"Account Closed","accountClosedForUser.message":"{userName}'s account is closed","inviteTokenInvalid.title":"Invitation Invalid","inviteTokenInvalid.message":"Your invitation to the community has been canceled or expired.","inviteTokenError.title":"Invitation Verification Failed","inviteTokenError.message":"The url you are utilizing is not recognized. Verify your URL and try again","pageNotFound.title":"Access Denied","pageNotFound.message":"You do not have access to this area of the community or it doesn't exist","eventAttending.title":"Responded as Attending","eventAttending.message":"You'll be notified when there's new activity and reminded as the event approaches","eventInterested.title":"Responded as Interested","eventInterested.message":"You'll be notified when there's new activity and reminded as the event approaches","eventNotFound.title":"Event Not Found","eventNotFound.message":"The event you tried to respond to does not exist.","redirectToRelatedPage.title":"Showing Related Content","redirectToRelatedPageForBaseUsers.title":"Showing Related Content","redirectToRelatedPageForBaseUsers.message":"The content you are trying to access is archived","redirectToRelatedPage.message":"The content you are trying to access is archived","relatedUrl.archivalLink.flyoutMessage":"The content you are trying to access is archived View Archived Content"},"localOverride":false},"CachedAsset:component:custom.widget.Beta_MetaNav-en-1737018527297":{"__typename":"CachedAsset","id":"component:custom.widget.Beta_MetaNav-en-1737018527297","value":{"component":{"id":"custom.widget.Beta_MetaNav","template":{"id":"Beta_MetaNav","markupLanguage":"HANDLEBARS","style":null,"texts":null,"defaults":{"config":{"applicablePages":[],"dynamicByCoreNode":false,"description":"MetaNav menu at the top of every page.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Beta_MetaNav","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"dynamicByCoreNode":false,"description":"MetaNav menu at the top of every page.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Beta_Footer-en-1737018527297":{"__typename":"CachedAsset","id":"component:custom.widget.Beta_Footer-en-1737018527297","value":{"component":{"id":"custom.widget.Beta_Footer","template":{"id":"Beta_Footer","markupLanguage":"HANDLEBARS","style":null,"texts":null,"defaults":{"config":{"applicablePages":[],"dynamicByCoreNode":false,"description":"DevCentral´s custom footer.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Beta_Footer","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"dynamicByCoreNode":false,"description":"DevCentral´s custom footer.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Tag_Manager_Helper-en-1737018527297":{"__typename":"CachedAsset","id":"component:custom.widget.Tag_Manager_Helper-en-1737018527297","value":{"component":{"id":"custom.widget.Tag_Manager_Helper","template":{"id":"Tag_Manager_Helper","markupLanguage":"HANDLEBARS","style":null,"texts":null,"defaults":{"config":{"applicablePages":[],"dynamicByCoreNode":false,"description":"Helper widget to inject Tag Manager scripts into head element","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Tag_Manager_Helper","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"dynamicByCoreNode":false,"description":"Helper widget to inject Tag Manager scripts into head element","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Consent_Blackbar-en-1737018527297":{"__typename":"CachedAsset","id":"component:custom.widget.Consent_Blackbar-en-1737018527297","value":{"component":{"id":"custom.widget.Consent_Blackbar","template":{"id":"Consent_Blackbar","markupLanguage":"HTML","style":null,"texts":null,"defaults":{"config":{"applicablePages":[],"dynamicByCoreNode":false,"description":"","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Consent_Blackbar","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"TEXTHTML","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"dynamicByCoreNode":false,"description":"","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:text:en_US-components/community/Breadcrumb-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/community/Breadcrumb-1728320186000","value":{"navLabel":"Breadcrumbs","dropdown":"Additional parent page navigation"},"localOverride":false},"CachedAsset:text:en_US-components/tags/TagsHeaderWidget-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/tags/TagsHeaderWidget-1728320186000","value":{"tag":"{tagName}","topicsCount":"{count} {count, plural, one {Topic} other {Topics}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageListForNodeByRecentActivityWidget-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageListForNodeByRecentActivityWidget-1728320186000","value":{"title@userScope:other":"Recent Content","title@userScope:self":"Contributions","title@board:FORUM@userScope:other":"Recent Discussions","title@board:BLOG@userScope:other":"Recent Blogs","emptyDescription":"No content to show","MessageListForNodeByRecentActivityWidgetEditor.nodeScope.label":"Scope","title@instance:1706288370055":"Content Feed","title@instance:1704319314827":"Blog Feed","title@instance:1704317906837":"Content Feed","title@instance:1702668293472":"Community Feed","title@instance:1704320290851":"My Contributions","title@instance:1703720491809":"Forum Feed","title@instance:1703028709746":"Group Content Feed","title@instance:VTsglH":"Content Feed"},"localOverride":false},"Category:category:Forums":{"__typename":"Category","id":"category:Forums","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Forum:board:TechnicalForum":{"__typename":"Forum","id":"board:TechnicalForum","forumPolicies":{"__typename":"ForumPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Forum:board:WaterCooler":{"__typename":"Forum","id":"board:WaterCooler","forumPolicies":{"__typename":"ForumPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:DevCentralNews":{"__typename":"Tkb","id":"board:DevCentralNews","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:GroupsCategory":{"__typename":"Category","id":"category:GroupsCategory","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:F5-Groups":{"__typename":"Category","id":"category:F5-Groups","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:CommunityGroups":{"__typename":"Category","id":"category:CommunityGroups","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Occasion:board:Events":{"__typename":"Occasion","id":"board:Events","boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"occasionPolicies":{"__typename":"OccasionPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Idea:board:Suggestions":{"__typename":"Idea","id":"board:Suggestions","boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"ideaPolicies":{"__typename":"IdeaPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:CrowdSRC":{"__typename":"Category","id":"category:CrowdSRC","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:codeshare":{"__typename":"Tkb","id":"board:codeshare","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:communityarticles":{"__typename":"Tkb","id":"board:communityarticles","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:security-insights":{"__typename":"Tkb","id":"board:security-insights","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:article-series":{"__typename":"Tkb","id":"board:article-series","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Conversation:conversation:323254":{"__typename":"Conversation","id":"conversation:323254","topic":{"__typename":"TkbTopicMessage","uid":323254},"lastPostingActivityTime":"2025-01-15T10:02:27.734-08:00","solved":false},"User:user:194786":{"__typename":"User","uid":194786,"login":"Janibasha","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS0xOTQ3ODYtMjA5NDJpMEI1Q0JDRDNGRkQ2MUM0Mw"},"id":"user:194786"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjMyNTQtMjM4OTZpQTE0Q0ZFMTVFMTBCOEFFMw?revision=27\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjMyNTQtMjM4OTZpQTE0Q0ZFMTVFMTBCOEFFMw?revision=27","title":"DC-Cover_0001_mateusz-klein-ADvHWx2wV5Y-unsplash.jpg","associationType":"COVER","width":500,"height":500,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjMyNTQtMjYxNDBpREJBODhBMjUwNzVGNDdERA?revision=27\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjMyNTQtMjYxNDBpREJBODhBMjUwNzVGNDdERA?revision=27","title":"ccn-postman.JPG","associationType":"BODY","width":2800,"height":1526,"altText":"ccn-postman.JPG"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjMyNTQtMjYxMTNpMkRGNjE4N0M3MkE0MjgwRQ?revision=27\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjMyNTQtMjYxMTNpMkRGNjE4N0M3MkE0MjgwRQ?revision=27","title":"dataguard-config.jpg","associationType":"BODY","width":2189,"height":1114,"altText":"dataguard-config.jpg"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjMyNTQtMjYxMzZpRUQ3N0FGNzlERDJFOEEzOQ?revision=27\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjMyNTQtMjYxMzZpRUQ3N0FGNzlERDJFOEEzOQ?revision=27","title":"dataguard-mask.JPG","associationType":"BODY","width":2763,"height":1754,"altText":"dataguard-mask.JPG"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjMyNTQtMjYxMTFpQzczOTBEMkQ1MjgxOUM2RA?revision=27\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjMyNTQtMjYxMTFpQzczOTBEMkQ1MjgxOUM2RA?revision=27","title":"dataguard-postman.jpg","associationType":"BODY","width":3080,"height":1535,"altText":"dataguard-postman.jpg"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjMyNTQtMjYxMTJpRkEyRDlFRTA5RTNGNUJFNQ?revision=27\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjMyNTQtMjYxMTJpRkEyRDlFRTA5RTNGNUJFNQ?revision=27","title":"dataguard-log.jpg","associationType":"BODY","width":3195,"height":2055,"altText":"dataguard-log.jpg"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjMyNTQtMjYxMzdpREM5NDVFNTBCMTg4OUFGNg?revision=27\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjMyNTQtMjYxMzdpREM5NDVFNTBCMTg4OUFGNg?revision=27","title":"injection-postman.JPG","associationType":"BODY","width":3026,"height":1457,"altText":"injection-postman.JPG"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjMyNTQtMjYxMzRpRkU1OUVGMDA3NjFBRjQ3Mg?revision=27\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjMyNTQtMjYxMzRpRkU1OUVGMDA3NjFBRjQ3Mg?revision=27","title":"sqli-block.jpg","associationType":"BODY","width":3825,"height":2037,"altText":"sqli-block.jpg"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjMyNTQtMjYxMzVpNTEyRkFGMTBDRkE0MUNFNA?revision=27\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjMyNTQtMjYxMzVpNTEyRkFGMTBDRkE0MUNFNA?revision=27","title":"sqli-log.jpg","associationType":"BODY","width":3791,"height":2287,"altText":"sqli-log.jpg"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjMyNTQtMjYxMzFpQzkyQjg0Nzg2MDhGNDMyOA?revision=27\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjMyNTQtMjYxMzFpQzkyQjg0Nzg2MDhGNDMyOA?revision=27","title":"bots-config.jpg","associationType":"BODY","width":3781,"height":2277,"altText":"bots-config.jpg"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjMyNTQtMjYxMzJpQzJDQkZBMUQxMkVGMDFDNA?revision=27\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjMyNTQtMjYxMzJpQzJDQkZBMUQxMkVGMDFDNA?revision=27","title":"bots-postman.jpg","associationType":"BODY","width":3127,"height":2067,"altText":"bots-postman.jpg"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjMyNTQtMjYxMzNpRThFQkRDNTYwMEI3Nzk0NA?revision=27\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjMyNTQtMjYxMzNpRThFQkRDNTYwMEI3Nzk0NA?revision=27","title":"bots.jpg","associationType":"BODY","width":3795,"height":2251,"altText":"bots.jpg"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjMyNTQtMjYxMjlpM0Y0QkY4NTRBM0JBRkYyRA?revision=27\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjMyNTQtMjYxMjlpM0Y0QkY4NTRBM0JBRkYyRA?revision=27","title":"rate-limit.jpg","associationType":"BODY","width":3789,"height":2297,"altText":"rate-limit.jpg"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjMyNTQtMjYxMzBpMEYwNzM4ODY5M0VGMEVBQg?revision=27\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjMyNTQtMjYxMzBpMEYwNzM4ODY5M0VGMEVBQg?revision=27","title":"rate-block.JPG","associationType":"BODY","width":2962,"height":1633,"altText":"rate-block.JPG"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjMyNTQtMjYxMzhpRTc5QTFGODZENDA1MDgwRg?revision=27\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjMyNTQtMjYxMzhpRTc5QTFGODZENDA1MDgwRg?revision=27","title":"rate-limiting-web.jpg","associationType":"BODY","width":3840,"height":2400,"altText":"rate-limiting-web.jpg"},"TkbTopicMessage:message:323254":{"__typename":"TkbTopicMessage","subject":"Mitigating OWASP API Security Top 10 risks using F5 NGINX App Protect","conversation":{"__ref":"Conversation:conversation:323254"},"id":"message:323254","revisionNum":27,"uid":323254,"depth":0,"board":{"__ref":"Tkb:board:TechnicalArticles"},"author":{"__ref":"User:user:194786"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":"","introduction":"","metrics":{"__typename":"MessageMetrics","views":2380},"postTime":"2023-11-13T05:00:00.021-08:00","lastPublishTime":"2025-01-15T10:02:27.734-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" \n This 2019 API Security article covers the summary of OWASP API Security Top 10 – 2019 categories and newly published 2023 API security article covered introductory part of newest edition of OWASP API Security Top 10 risks – 2023. \n We will deep-dive into some of those common risks and how we can protect our applications against these vulnerabilities using F5 NGINX App Protect. \n \n \n Excessive Data Exposure \n Problem Statement: \n As shown below in one of the demo application API’s, Personal Identifiable Information (PII) data, like Credit Card Numbers (CCN) and U.S. Social Security Numbers (SSN), are visible in responses that are highly sensitive. So, we must hide these details to prevent personal data exploits. \n Solution: \n To prevent this vulnerability, we will use the DataGuard feature in NGINX App Protect, which validates all response data for sensitive details and will either mask the data or block those requests, as per the configured settings. First, we will configure DataGuard to mask the PII data as shown below and will apply this configuration. \n Next, if we resend the same request, we can see that the CCN/SSN numbers are masked, thereby preventing data breaches. \n If needed, we can update configurations to block this vulnerability after which all incoming requests for this endpoint will be blocked. \n If you open the security log and filter with this support ID, we can see that the request is either blocked or PII data is masked, as per the DataGuard configuration applied in the above section. \n \n Injection \n Problem Statement: \n Customer login pages without secure coding practices may have flaws. Intruders could use those flaws to exploit credential validation using different types of injections, like SQLi, command injections, etc. In our demo application, we have found an exploit which allows us to bypass credential validation using SQL injection (by using username as “' OR true --” and any password), thereby getting administrative access, as below: \n Solution: \n NGINX App Protect has a database of signatures that match this type of SQLi attacks. By configuring the WAF policy in blocking mode, NGINX App Protect can identify and block this attack, as shown below. \n If you check in the security log with this support ID, we can see that request is blocked because of SQL injection risk, as below. \n \n Insufficient Logging & Monitoring \n Problem Statement: \n Appropriate logging and monitoring solutions play a pivotal role in identifying attacks and also in finding the root cause for any security issues. Without these solutions, applications are fully exposed to attackers and SecOps is completely blind to identifying details of users and resources being accessed. \n Solution: \n NGINX provides different options to track logging details of applications for end-to-end visibility of every request both from a security and performance perspective. Users can change configurations as per their requirements and can also configure different logging mechanisms with different levels. Check the links below for more details on logging: \n \n https://www.nginx.com/blog/logging-upstream-nginx-traffic-cdn77/ \n https://www.nginx.com/blog/modsecurity-logging-and-debugging/ \n https://www.nginx.com/blog/using-nginx-logging-for-application-performance-monitoring/ \n https://docs.nginx.com/nginx/admin-guide/monitoring/logging/ \n https://docs.nginx.com/nginx-app-protect-waf/logging-overview/logs-overview/ \n \n \n Unrestricted Access to Sensitive Business Flows \n Problem Statement: \n By using the power of automation tools, attackers can now break through tough levels of protection. The inefficiency of APIs to detect automated bot tools not only causes business loss, but it can also adversely impact the services for genuine users of an application. \n Solution: \n NGINX App Protect has the best-in-class bot detection technology and can detect and label automation tools in different categories, like trusted, untrusted, and unknown. Depending on the appropriate configurations applied in the policy, requests generated from these tools are either blocked or alerted. Below is an example that shows how requests generated from the Postman automation tool are getting blocked. \n By filtering the security log with this support-id, we can see that the request is blocked because of an untrusted bot. \n \n Lack of Resources & Rate Limiting \n Problem Statement: \n APIs do not have any restrictions on the size or number of resources that can be requested by the end user. Above mentioned scenarios sometimes lead to poor API server performance, Denial of Service (DoS), and brute force attacks. \n Solution: \n NGINX App Protect provides different ways to rate limit the requests as per user requirements. A simple rate limiting use case configuration is able to block requests after reaching the limit, which is demonstrated below. \n \n \n \n Conclusion: \n In short, this article covered some common API vulnerabilities and shows how NGINX App Protect can be used as a mitigation solution to prevent these OWASP API security risks. \n Related resources for more information or to get started: \n \n F5 NGINX App Protect \n OWASP API Security Top 10 2019 \n OWASP API Security Top 10 2023 \n \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"5363","kudosSumWeight":7,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjMyNTQtMjM4OTZpQTE0Q0ZFMTVFMTBCOEFFMw?revision=27\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wy","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjMyNTQtMjYxNDBpREJBODhBMjUwNzVGNDdERA?revision=27\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wz","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjMyNTQtMjYxMTNpMkRGNjE4N0M3MkE0MjgwRQ?revision=27\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w0","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjMyNTQtMjYxMzZpRUQ3N0FGNzlERDJFOEEzOQ?revision=27\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w1","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjMyNTQtMjYxMTFpQzczOTBEMkQ1MjgxOUM2RA?revision=27\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w2","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjMyNTQtMjYxMTJpRkEyRDlFRTA5RTNGNUJFNQ?revision=27\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w3","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjMyNTQtMjYxMzdpREM5NDVFNTBCMTg4OUFGNg?revision=27\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w4","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjMyNTQtMjYxMzRpRkU1OUVGMDA3NjFBRjQ3Mg?revision=27\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w5","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjMyNTQtMjYxMzVpNTEyRkFGMTBDRkE0MUNFNA?revision=27\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxMA","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjMyNTQtMjYxMzFpQzkyQjg0Nzg2MDhGNDMyOA?revision=27\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxMQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjMyNTQtMjYxMzJpQzJDQkZBMUQxMkVGMDFDNA?revision=27\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxMg","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjMyNTQtMjYxMzNpRThFQkRDNTYwMEI3Nzk0NA?revision=27\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxMw","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjMyNTQtMjYxMjlpM0Y0QkY4NTRBM0JBRkYyRA?revision=27\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxNA","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjMyNTQtMjYxMzBpMEYwNzM4ODY5M0VGMEVBQg?revision=27\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxNQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjMyNTQtMjYxMzhpRTc5QTFGODZENDA1MDgwRg?revision=27\"}"}}],"totalCount":15,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:306666":{"__typename":"Conversation","id":"conversation:306666","topic":{"__typename":"TkbTopicMessage","uid":306666},"lastPostingActivityTime":"2025-01-15T02:38:52.361-08:00","solved":false},"User:user:49440":{"__typename":"User","uid":49440,"login":"Chris_Zhang","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/m_assets/avatars/default/avatar-1.svg"},"id":"user:49440"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNTZpMzU4MzY5MzZBRDE2QTc5MA?revision=9\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNTZpMzU4MzY5MzZBRDE2QTc5MA?revision=9","title":"Screen Shot 2022-12-16 at 6.12.39 pm.png","associationType":"BODY","width":919,"height":366,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNTdpQjQxREU1QTIyQjM4RENGMw?revision=9\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNTdpQjQxREU1QTIyQjM4RENGMw?revision=9","title":"Screen Shot 2022-12-16 at 6.30.39 pm.png","associationType":"BODY","width":1594,"height":1680,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNThpMzJCQ0Y0RDRCQURDRDE1Mg?revision=9\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNThpMzJCQ0Y0RDRCQURDRDE1Mg?revision=9","title":"Screen Shot 2022-12-16 at 6.33.08 pm.png","associationType":"BODY","width":1594,"height":734,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNTlpQzI3NjUyMEVGMTdENzgzMg?revision=9\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNTlpQzI3NjUyMEVGMTdENzgzMg?revision=9","title":"Screen Shot 2022-12-16 at 6.37.40 pm.png","associationType":"BODY","width":1256,"height":1038,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNjBpRjIzQjE4Qzg1QTM2ODRERQ?revision=9\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNjBpRjIzQjE4Qzg1QTM2ODRERQ?revision=9","title":"Screen Shot 2022-12-16 at 6.39.09 pm.png","associationType":"BODY","width":1430,"height":1402,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNjFpQ0E2NjMyRUZENkYwODZDMw?revision=9\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNjFpQ0E2NjMyRUZENkYwODZDMw?revision=9","title":"Screen Shot 2022-12-16 at 6.41.33 pm.png","associationType":"BODY","width":1430,"height":350,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNjJpOEMxQUM3OTIyQkU5RTM2Mg?revision=9\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNjJpOEMxQUM3OTIyQkU5RTM2Mg?revision=9","title":"Screen Shot 2022-12-16 at 6.42.59 pm.png","associationType":"BODY","width":1430,"height":350,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNjNpRkY3RDY2NjNCM0VBOTFBRQ?revision=9\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNjNpRkY3RDY2NjNCM0VBOTFBRQ?revision=9","title":"Screen Shot 2022-12-16 at 6.44.03 pm.png","associationType":"BODY","width":1770,"height":564,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNzRpMUU0MkY4OUMwMDFDQkJCMA?revision=9\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNzRpMUU0MkY4OUMwMDFDQkJCMA?revision=9","title":"Screen Shot 2022-12-19 at 11.58.21 am.png","associationType":"BODY","width":1336,"height":62,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNDlpODE0RTlDRTU4ODQ5QzdDMQ?revision=9\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNDlpODE0RTlDRTU4ODQ5QzdDMQ?revision=9","title":"Chris_Zhang_10-1671174530632.png","associationType":"BODY","width":539,"height":61,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNTBpRTcyQzE2QzYzRTU0MTdBNA?revision=9\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNTBpRTcyQzE2QzYzRTU0MTdBNA?revision=9","title":"Chris_Zhang_11-1671174530632.png","associationType":"BODY","width":539,"height":61,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNzVpOTdDNEVCOEI3RUYxMDhERA?revision=9\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNzVpOTdDNEVCOEI3RUYxMDhERA?revision=9","title":"Screen Shot 2022-12-19 at 12.01.35 pm.png","associationType":"BODY","width":1252,"height":1000,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNzZpMzdFODdEOEFGQzM1QkE1Rg?revision=9\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNzZpMzdFODdEOEFGQzM1QkE1Rg?revision=9","title":"Screen Shot 2022-12-19 at 12.03.25 pm.png","associationType":"BODY","width":1880,"height":1060,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNzdpOENFNDZBOUQ2RTBCMDQzNg?revision=9\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNzdpOENFNDZBOUQ2RTBCMDQzNg?revision=9","title":"Screen Shot 2022-12-19 at 12.04.46 pm.png","associationType":"BODY","width":1880,"height":834,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNzhpOUE1NTFBOUI1NkY5OTRBRQ?revision=9\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNzhpOUE1NTFBOUI1NkY5OTRBRQ?revision=9","title":"Screen Shot 2022-12-19 at 12.05.45 pm.png","associationType":"BODY","width":1880,"height":620,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNzlpMUFDNjVFMzhDNzE4RURDRA?revision=9\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNzlpMUFDNjVFMzhDNzE4RURDRA?revision=9","title":"Screen Shot 2022-12-19 at 12.06.54 pm.png","associationType":"BODY","width":2638,"height":848,"altText":null},"TkbTopicMessage:message:306666":{"__typename":"TkbTopicMessage","subject":"API Security: How to implement API Access Control with F5","conversation":{"__ref":"Conversation:conversation:306666"},"id":"message:306666","revisionNum":9,"uid":306666,"depth":0,"board":{"__ref":"Tkb:board:TechnicalArticles"},"author":{"__ref":"User:user:49440"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" Per Gartner, API Security comprises two aspects: API Threat Protection and API Access Control. API Threat Protection is addressed with measures such as API L7 firewall, bot protection, DDoS mitigation, etc. API Access Control is most comprehensively addressed via OAuth 2.0. This article will see our attention focused on API Access Control, and how F5 APM can be leverage for this universal challenge when protecting API. ","introduction":"","metrics":{"__typename":"MessageMetrics","views":5349},"postTime":"2023-01-19T05:00:00.025-08:00","lastPublishTime":"2023-01-19T05:00:00.025-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" \n Introduction \n Organizations use API as a de facto standard to connect services and transfer data. Gartner predicts that by 2022, API attacks will become the most-frequent attack vector, causing data breaches for enterprise web applications. \n According to Gartner (table below), providing effective security for API falls into two broad aspects: API Threat Protection and API Access Control. \n \n API Threat Protection means detecting and blocking attacks on API, while API Access Control means controlling which application and users can access API. \n F5 has a couple of product offerings that can address either aspect of API security as defined by Gartner. \n Specifically, the Web Application and API Protection (WAAP) service offered via the F5 Distributed Cloud (F5 XC) addresses API Threat Protection and is consumed as SaaS. Please take a high-level overview here. \n For API Access Control, the good old and ever evolving F5 BIG-IP Access Policy Manager (APM) rises again to the occasion. In this article, I will focus at length on how we can leverage BIG-IP APM to provide API access control. \n Pre-words \n Before I get started, I would like to acknowledge the excellent work and coverage on this topic already done by James Lee, who has authored a three part article series titled ‘Advanced API Access Control with BIG-IP APM’. James has also provided tremendous assistance for my work effort while I was researching this very topic. THANK YOU, James! \n The purpose of this article is to hit the topic really hard one more time, hoping to further uncover the intricacies associated with the realm of API access control. \n Mechanism for API Access Control \n The OAuth 2.0 protocol is broadly used as a mechanism to provide API access control. It provides functions such as authentication, as well as authorization, which are pivotal to implementing control on API access. \n The OAuth 2.0 specification defines four roles, and it is the four roles working together to get the job done. \n I won’t bore you with the specs itself, in layman’s terms, I have described them as below. \n Resource Owner: This is the end user. e.g., you and I \n Resource Server: This is the API server that also understands OAuth. In many scenarios, API servers only know how to serve API requests, one way to add OAuth capability is via offloading that function to something else. Hint: BIG-IP APM \n Client: This is the application that makes API calls to your API server. The confusion part is Client here refers to OAuth Client. The application itself is an API client and for it to also act as an OAuth client, it needs to add OAuth Client function as well \n Authorization Server: This is who OAuth Client talks to to get an access token. The Authorization Server usually authenticates the OAuth Client prior to giving it the token. \n A high-level traffic flow would be like this, \n \n Client (Your application with OAuth component acting as OAuth Client) reaches out to the Authorization Server for an access token \n Authorization Server checks the incoming request from Client, usually authenticates the Client as well, if successful, gives Client an access token. \n Client sends the API request, with the access token included, to the Resource Server \n Resource Server verifies the access token and answers the API request \n \n Note: There are several variations to the above flow, depending upon the type of the application and associated capabilities (e.g., browser, mobile or machine based). The above flow is most suited to non-interactive machine-to-machine API traffic. \n API Access Control with BIG-IP APM \n If you are looking at adding API Access Control to your API servers that do not understand OAuth, leveraging the BIG-IP APM is surely a great way to bring in that capability. \n In addition, the Web Application and API Protection as a SaaS offering brings in API Threat Protection capability, which means you effectively kill two birds with one stone and can completely nail API security with a consolidated single vendor solution. \n In the succeeding sections, I will walk through the BIG-IP APM configuration, allowing it to function as an Authorization Server, as well as offloading Resource Server capability for your API servers. \n Authorization Server \n The role of Authorization Server is to provide an access token to Client if things check out. The kind of things that must check out is dependent upon the OAuth grant type being implemented. The popular grant types include the ones listed below but are not limited to these four: \n \n Authorization Code grant \n Implicit grant \n Resource Owner Password Credential (ROPC) grant \n Client Credentials grant \n \n The APM supports all four grant types, with the Client Credentials grant requiring a bit of iRule magic. \n Step-wise, we first create a LB VIP, and then attach it with an access profile that turns it into an Authorization Server. \n Prior to creating the access profile, we must create associated prerequisites. \n Under Access => Federation => OAuth Authorization Server, create a ‘Client Application’ and a ‘Resource Server’, followed by creating an ‘OAuth Profile’ that binds the ‘Client Application’ and ‘Resource Server’ together. The logic is that the authorization server needs to know its registered client application, as well as the participating resource server. This allows for Resource Server reaching out to Authorization Server for token validation as part of the flow. \n For this specific article, we select ‘Resource Owner Password Credentials’ (ROPC) grant type. There are plenty of resources on the Internet that talk about these different grants in great details but for the purpose of non-interactive machine to machine API traffic, the most suited grant type is Client Credentials. \n The BIG-IP APM does not natively handle Client Credentials grant type. However, it is very similar to ROPC grant type, which is natively handled. The idea is that we let the client application use ‘Client Credentials’ grant when talking to the Authorization Server, and once traffic arrives at the APM, we use an iRule to convert it to ROPC so the APM can process that traffic. \n ROPC requires that the Client (API client application) to send in username, password, client_id and client_secret. Client Credentials only requires client_id and client_secret to be sent. \n With Client Credentials grant, since no username or password is needed, the iRule simply adds them as dummies so the request looks like a ROPC grant request. \n Below are a couple of screenshots for your reference, as well as the iRule that you can readily use. \n \n Figure 1 - Create a Client Application \n \n Figure 2 - Create a Resource Server \n This iRule below is based on an excellent solution shared by DevCentral user youssef1. This is all his work, and I am simply referencing it here for this article. \n when HTTP_REQUEST {\n\n set grant_type null\n\n if { ( [string tolower [HTTP::uri]] equals \"/f5-oauth2/v1/token\" ) and ( [HTTP::method] equals \"POST\" ) } {\n set grant_type \"client_credentials\"\n HTTP::collect [HTTP::header Content-Length]\n }\n\n}\n\nwhen HTTP_REQUEST_DATA {\n\n if {$grant_type contains \"client_credentials\" } {\n set payload [HTTP::payload]\n\n if { [HTTP::payload] contains \"grant_type=client_credentials\" } {\n # log local0. \"Old Payload: [HTTP::payload]\"\n HTTP::payload replace 0 [HTTP::header Content-Length] [string map {\"grant_type=client_credentials\" \"grant_type=password&username=xxx&password=xxx\"} $payload]\n # log local0. \"New Payload: [HTTP::payload]\"\n HTTP::release\n }\n }\n} \n The above concludes the Authorization Server configuration. \n Resource Server \n If your API servers do not understand OAuth, you can offload OAuth function to the BIG-IP APM by putting them behind it. Specifically, create a LB VIP for your API servers and attach an access profile so that together they act as a Resource Server. \n The Resource Server is responsible for checking the access token presented by the Client (application) as part of its API request, if the token checks out, API request is answered, otherwise denied. \n Depending on the type of the access token, if it is in the form of an opaque token, meaning it carries no information on its own, the Resource Server will need to present this token to the Authorization Server and in return it gets the information. \n If the access token is in the form of a JSON Web Token (JWT), the Resource Server verifies the signature of the token and then reads the embedded information off it. The Resource Server won’t need to reach out to the Authorization Server in this case. \n The APM supports both opaque token and JWT token, and by default the opaque token is used. The opaque token provides certain benefits such as it is revokable, hides the actual information and is probably smaller in size when compared to a JWT token. The downside is the Resource Server will need to talk to the Authorization Server for token validation and introspection. The JWT token does not need the extra roundtrip of communication, and therefore cuts down on latency, due to information is already embedded inside the token. However, it may not be suitable if you are transmitting sensitive information or require revoking a token after one is issued. \n Just as a side note, the BIG-IP APM can receive an opaque token, validates it against an external party, and then issue a JWT token downstream, as part of its SSO capability. This is not related to our use case here, but I will mention it for awareness. \n To offload Resource Server function to the BIG-IP APM, go to Access => Federation => OAuth Client / Resource Server, create a ‘Provider’ and an ‘OAuth Server’ configuration. \n The idea is that with a provider, it has all the information on Authorization Server, so Resource Server knows how to communicate with it. E.g., what URL to hit when validating a token \n \n Figure 4 - Create a Provider \n https://as.abbagmbh.de points to the LB VIP we created earlier on for the Authorization Server. \n When creating the ‘OAuth Server’ configuration, fill in the ‘Resource Server ID’ and ‘Resource Server Secret’ values by copying them from the previous step when we configured under the ‘OAuth Authorization Server’ menu. \n \n Figure 5 - Create an OAuth Server (Resource Server) \n The above concludes the Resource Server configuration. \n Access Profiles \n We need to create two access profiles, one for Authorization Server and the other for Resource Server. \n For Authorization Server, select ‘LTM-APM’ type, associate an OAuth Profile created earlier and leave the rest as default. \n The Access policy shown below is simple, the result is that an access token will be issued if client_id and client_secret in the request check out. \n \n \n \n \n Figure 6 – Access policy for Authorization Server \n For Resource Server, select ‘LTM-APM’ type and leave the rest as default. \n For the access policy, use ‘OAuth Scope’ type (I renamed it as OAuth Token Check), set token validation mode as ‘external’, select the Resource Server we created earlier on. \n Figure 7 - Resource Server access policy \n \n Figure 8 - Token validation \n The above concludes a very basic setup of Resource Server. \n Scope \n In OAuth 2.0, scope is used to limit the level of access granted to an access token. For instance, you can use a ‘READ’ scope that allows API calls via HTTP GET, and a ‘WRITE’ scope that allows HTTP POST API calls. \n The full list of supported scopes should be communicated to the Client as defined on the Authorization Server. \n When Client is asking for an access token, it will include scope as part of the request parameter. If scope is not included, the Authorization Server either process the request using a pre-defined default value or fail the request indicating an invalid scope. \n Once access token is issued with the requested scope, it is sent to the Resource Server and it is incumbent upon the Resource Server to do something about it. \n Take the prior ‘READ’ and ‘WRITE’ scopes as an example, the Resource Server will need to block POST API calls if the scope is ‘READ’. \n Scope in essense is a literal string of key value pair, the string itself is defined per implementation. Once it is defined on the Authorization Server, it needs to be communicated to the Client, so the Client will know what scopes are available to use; it also needs to be communicated to the Resource Server as well, as it will implement enforcement per design. \n In this article, I am only introducing scope at a conceptual level to keep it short. \n The BIG-IP APM does however provide a full set of functions to support scope management. \n Testing \n So far, we have created two LB VIP’s, one as an Authorization Server, and the other as a Resource Server. \n \n Figure 9 - LB VIP \n We created two access profiles, with each attached to the associated LB VIP. \n \n Figure 10 - ROPC profile attach\n \n Figure 11 - Resource Server profile attach\n On Postman, we use the following to get an access token from the Authorization Server’s token URL (https://ropcas.abbagnbh.de/f5-oauth2/v1/token) See Figure 4. \n \n Figure 12 - Postman get Access Token \n Below shows the access token is obtained. \n \n Figure 13 - Postman token obtained \n Let’s use this token with our API request. \n \n Figure 14 - Postman send API request with access token \n The API server is programmed to print out the API request itself. \n \n Figure 15 - API server response \n On the APM, if you go to Access => Overview => OAuth Reports => Tokens, you will see the token as ‘ACTIVE’. \n \n Figure 16 - APM OAuth Token report \n Conclusion \n In this article, we started at high level on what comprises API security defined by Gartner, which comes down to API Threat Protection and API Access Control. \n F5 has WAAP as a SaaS offering to address API Threat Protection and the BIG-IP APM provides a highly capable solution for API Access Control. \n I have explained the concept around API Access Control using OAuth 2.0, as well as a specific use case on non-interactive machine to machine API access control. \n I hope you will find this article of value and please reach out with comments or your sales team if you have a need around implementing API Security. \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"14597","kudosSumWeight":5,"repliesCount":1,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNTZpMzU4MzY5MzZBRDE2QTc5MA?revision=9\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wy","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNTdpQjQxREU1QTIyQjM4RENGMw?revision=9\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wz","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNThpMzJCQ0Y0RDRCQURDRDE1Mg?revision=9\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w0","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNTlpQzI3NjUyMEVGMTdENzgzMg?revision=9\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w1","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNjBpRjIzQjE4Qzg1QTM2ODRERQ?revision=9\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w2","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNjFpQ0E2NjMyRUZENkYwODZDMw?revision=9\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w3","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNjJpOEMxQUM3OTIyQkU5RTM2Mg?revision=9\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w4","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNjNpRkY3RDY2NjNCM0VBOTFBRQ?revision=9\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w5","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNzRpMUU0MkY4OUMwMDFDQkJCMA?revision=9\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxMA","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNDlpODE0RTlDRTU4ODQ5QzdDMQ?revision=9\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxMQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNTBpRTcyQzE2QzYzRTU0MTdBNA?revision=9\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxMg","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNzVpOTdDNEVCOEI3RUYxMDhERA?revision=9\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxMw","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNzZpMzdFODdEOEFGQzM1QkE1Rg?revision=9\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxNA","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNzdpOENFNDZBOUQ2RTBCMDQzNg?revision=9\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxNQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNzhpOUE1NTFBOUI1NkY5OTRBRQ?revision=9\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxNg","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY2NjYtMjEyNzlpMUFDNjVFMzhDNzE4RURDRA?revision=9\"}"}}],"totalCount":16,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:311403":{"__typename":"Conversation","id":"conversation:311403","topic":{"__typename":"TkbTopicMessage","uid":311403},"lastPostingActivityTime":"2025-01-14T15:13:26.393-08:00","solved":false},"TkbTopicMessage:message:311403":{"__typename":"TkbTopicMessage","subject":"Mitigating OWASP Web Application Security Top 10 – 2021 risks using F5 Distributed Cloud Platform","conversation":{"__ref":"Conversation:conversation:311403"},"id":"message:311403","revisionNum":12,"uid":311403,"depth":0,"board":{"__ref":"Tkb:board:TechnicalArticles"},"author":{"__ref":"User:user:194786"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":"","introduction":"","metrics":{"__typename":"MessageMetrics","views":3295},"postTime":"2023-03-21T05:00:00.039-07:00","lastPublishTime":"2023-07-17T10:59:52.851-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" \n Overview: \n In the early 90’s, applications were in dormant phase and JavaScript & XML were dominating this technology. But in 1999, the first web application was introduced after the release of the Java language in 1995. Later with the adoption of new languages like Ajax, HTML, Node, Angular, SQL, Go, Python, etc. and availability of web application frameworks have boosted application development, deployment, and release to production. With the evolving software technologies, modern web applications are becoming more and more innovative, providing users with a grand new experience and ridiculously ease of interface. With these leading-edge technologies, novel exploit surfaces are also exposed which made them a primary target for intruders/hackers. Application safeguarding against all these common exploits is a necessary step in protecting backend application data. Open Worldwide Application Security Project (OWASP) is one of those security practices which protects application with above issues. This article is the first part of the series and covers OWASP evolution, its importance and overview of top 10 categories. \n Before diving into OWASP Web Application Security Top 10, let’s time travel to era of 1990’s and try to identify challenges the application customers, developers and users were facing. Below are some of them: \n \n Rapid and diversified cyber-attacks has become a major concern and monitoring/categorizing them was difficult \n Product owners are concerned about application security & availability and are in desperate need of a checklist/report to understand their application security posture \n Developers are looking for recommendations to securely develop code before running into security flaws in production \n No consolidated repo to manage, document and provide research insights for every security vulnerability \n \n After running into the above concerns, people across the globe have come together in 2001 and formed an international open-source community OWASP. It’s a non-profit foundation which has people from different backgrounds like developers, evangelist, security experts, etc. The main agenda for this community is to solve application related issues by providing: \n \n Regularly updating “OWASP TOP 10” report which provides insights of latest top 10 security issues in web applications \n Report also provides security recommendations to protect them from these issues \n Consolidated monitoring and tracking of application vulnerabilities \n Conducting events, trainings and conferences around the world to discuss, solve and provide preventive recommendations for latest security issues \n OWASP also provides security tools, research papers, libraries, cheat sheets, books, presentations and videos covering application security testing, secure development, and secure code review \n \n \n OWASP WEB SECURITY TOP 10 2021: \n With the rapid increase of cyber-attacks and because of dynamic report updates, OWASP gained immense popularity and is considered as one of the top security aspects which application companies are following to protect their modern applications against known security issues. \n Periodically they release their Top 10 vulnerabilities report and below are the latest Top 10 - 2021 categories with their summary: \n \n A01:2021-Broken Access Control \n \n Access controls enforce policy such that users cannot act outside of their intended permissions. Also called authorization, it allows or denies access to your application's features and resources. Misuse of access control enables unauthorized access to sensitive information, privilege escalation and illegal file executions. \n Check this article on protection against broken access vulnerabilities \n \n A02:2021-Cryptographic Failures \n \n In 2017 OWASP top 10 report, this attack was known as Sensitive Data Exposure, which focuses on failures related to cryptography leading to exposure of sensitive data. \n Check this article on cryptographic failures \n \n A03:2021-Injection \n \n An application is vulnerable to injection if user data and schema is not validated by the application. Some of the common injections are XSS, SQL, NoSQL, OS command, Object Relational Mapping (ORM), etc., causing data breaches and loss of revenue. \n Check this article on safeguarding against injection exploits \n \n A04:2021-Insecure Design \n \n During the development cycle, some phases might be reduced in scope which leads to some of the vulnerabilities. Insecure Design represents the weaknesses i.e., lack of security controls which are not tracked in other categories throughout the development cycle. \n Check this article on design flaws and mitigation \n \n A05:2021-Security Misconfiguration \n \n This occurs when security best practices are overlooked allowing attackers to get into the system utilizing the loopholes. XML External Entities (XXE), which was previously a Top 10 category, is now a part of security misconfiguration. \n Check this article on protection against misconfiguration vulnerabilities \n \n A06:2021-Vulnerable and Outdated Components \n \n Applications used in enterprises are prone to threats such as code injection, buffer overflow, command injection and cross-site scripting from unsupported, out of date open-source components and known exploited vulnerabilities. Utilizing components with security issues makes the application itself vulnerable. Intruders will take use of this defects and exploit the deprecated packages thereby gaining access to backend applications. \n Check this article on finding outdated components \n \n A07:2021-Identification and Authentication Failures \n \n Confirmation of the user's identity, authentication, authorization and session management is critical to protect applications against authentication-related attacks. Apps without valid authorization, use of default credentials and unable to detect bot traffic are some of the scenarios in this category. \n Check this article on identifying and protection against bots \n \n A08:2021-Software and Data Integrity Failures \n \n Software and data integrity failures occurs when updates are pushed to the deployment pipeline without verifying its integrity. Insecure Deserialization, which was a separate category in OWASP 2017, has now become a part of this larger category set. \n Check this article on software failures protection \n \n A09:2021-Security Logging and Monitoring Failures \n \n As a best recommendation, we shall always log all incoming request details and monitor application for fraudulent transactions, invalid logins, etc. to identify if there are any attacks or breaches. Applications without logging capabilities provide opportunities to the attackers to exploit the application and may lead to many security concerns. Without logging and monitoring we won’t be able to validate the application traffic and can’t identify the source of the breach. \n Check this article for identifying logging issues \n \n A10:2021-Server-Side Request Forgery \n \n Server-Side Request Forgery (SSRF) attack is a technique which allows intruders to manipulate the server-side application vulnerability and make a malicious request to the internal-only resources. Attacker exploits this flaw by modifying/crafting a URL which forces the server to retrieve and disclose sensitive information. \n Check this article which focusses on SSRF mitigation \n NOTE: This is an overview article of this OWASP series, check the below links to prevent these vulnerabilities using F5 Distributed Cloud Platform. \n OWASP Web Application Security Series: \n \n Broken access mitigation \n Cryptographic failures \n Injection mitigation \n Insecure design mitigation \n Security misconfiguration prevention \n Vulnerable and outdated components \n Identification failures prevention \n Software failures mitigation \n Security logging issues prevention \n SSRF Mitigation \n \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"8250","kudosSumWeight":6,"repliesCount":1,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:338320":{"__typename":"Conversation","id":"conversation:338320","topic":{"__typename":"TkbTopicMessage","uid":338320},"lastPostingActivityTime":"2025-01-14T10:25:58.835-08:00","solved":false},"User:user:189442":{"__typename":"User","uid":189442,"login":"Greg_Coward","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS0xODk0NDItOHNzWXY0?image-coordinates=250%2C0%2C1960%2C1710"},"id":"user:189442"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtTElCdUtx?revision=34\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtTElCdUtx?revision=34","title":"image1.png","associationType":"BODY","width":1917,"height":928,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtNzFkcUtQ?revision=34\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtNzFkcUtQ?revision=34","title":"Screenshot 2024-12-10 at 4.09.46 PM.png","associationType":"BODY","width":1655,"height":246,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtTUg5QUJ3?revision=34\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtTUg5QUJ3?revision=34","title":"Screenshot 2024-12-10 at 4.10.20 PM.png","associationType":"BODY","width":396,"height":225,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtdUVHbGVh?revision=34\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtdUVHbGVh?revision=34","title":"Screenshot 2024-12-10 at 4.11.01 PM.png","associationType":"BODY","width":1410,"height":326,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtWFg0SFlz?revision=34\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtWFg0SFlz?revision=34","title":"Screenshot 2024-12-10 at 4.18.40 PM.png","associationType":"BODY","width":818,"height":839,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtc2Vhc2Zk?revision=34\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtc2Vhc2Zk?revision=34","title":"Screenshot 2024-12-10 at 4.20.05 PM.png","associationType":"BODY","width":845,"height":874,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtWWY2NWFF?revision=34\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtWWY2NWFF?revision=34","title":"Screenshot 2024-12-10 at 4.22.36 PM.png","associationType":"BODY","width":864,"height":873,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtR1hhcE9X?revision=34\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtR1hhcE9X?revision=34","title":"Screenshot 2024-12-10 at 4.25.32 PM.png","associationType":"BODY","width":977,"height":585,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtQ2lEa0xk?revision=34\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtQ2lEa0xk?revision=34","title":"Screenshot 2024-12-10 at 4.26.46 PM.png","associationType":"BODY","width":1387,"height":169,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtU0VZcW9C?revision=34\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtU0VZcW9C?revision=34","title":"Screenshot 2024-12-10 at 4.27.59 PM.png","associationType":"BODY","width":1396,"height":214,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtWUtzZmVD?revision=34\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtWUtzZmVD?revision=34","title":"Screenshot 2024-12-11 at 4.50.44 PM.png","associationType":"BODY","width":1915,"height":846,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtTFRrUUJN?revision=34\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtTFRrUUJN?revision=34","title":"Screenshot 2024-12-10 at 5.18.29 PM.png","associationType":"BODY","width":868,"height":232,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtRWdvcWxa?revision=34\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtRWdvcWxa?revision=34","title":"Screenshot 2024-12-10 at 5.15.48 PM.png","associationType":"BODY","width":999,"height":804,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtQjl3THk4?revision=34\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtQjl3THk4?revision=34","title":"Screenshot 2024-12-10 at 5.19.21 PM.png","associationType":"BODY","width":1988,"height":464,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtMm9YYU9R?revision=34\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtMm9YYU9R?revision=34","title":"Screenshot 2024-12-10 at 5.23.53 PM.png","associationType":"BODY","width":1650,"height":222,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtOElSaUNi?revision=34\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtOElSaUNi?revision=34","title":"Screenshot 2024-12-10 at 5.25.49 PM.png","associationType":"BODY","width":1672,"height":1548,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtU2JGZ0Va?revision=34\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtU2JGZ0Va?revision=34","title":"Screenshot 2024-12-11 at 3.25.34 PM.png","associationType":"BODY","width":804,"height":313,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtU0NqZDJ5?revision=34\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtU0NqZDJ5?revision=34","title":"Screenshot 2024-12-11 at 3.28.18 PM.png","associationType":"BODY","width":1903,"height":807,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtM0lZbGtk?revision=34\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtM0lZbGtk?revision=34","title":"Screenshot 2024-12-11 at 5.26.15 PM.png","associationType":"BODY","width":1916,"height":794,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtTHRTMmVv?revision=34\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtTHRTMmVv?revision=34","title":"Screenshot 2024-12-11 at 5.33.46 PM.png","associationType":"BODY","width":1256,"height":806,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtQk91QVlK?revision=34\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtQk91QVlK?revision=34","title":"Screenshot 2024-12-11 at 5.35.38 PM.png","associationType":"BODY","width":1242,"height":835,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtN0psanFj?revision=34\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtN0psanFj?revision=34","title":"Screenshot 2024-12-11 at 6.12.04 PM.png","associationType":"BODY","width":877,"height":345,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtV3RYWDVS?revision=34\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtV3RYWDVS?revision=34","title":"Screenshot 2024-12-11 at 6.16.35 PM.png","associationType":"BODY","width":1151,"height":700,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtZnZJV1gy?revision=34\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtZnZJV1gy?revision=34","title":"Screenshot 2024-12-11 at 6.17.46 PM.png","associationType":"BODY","width":1160,"height":602,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtVEFwVU5t?revision=34\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtVEFwVU5t?revision=34","title":"Screenshot 2025-01-14 at 9.54.18 AM.png","associationType":"BODY","width":1241,"height":762,"altText":""},"TkbTopicMessage:message:338320":{"__typename":"TkbTopicMessage","subject":"How I did it - “Delivering Kasm Workspaces three ways”","conversation":{"__ref":"Conversation:conversation:338320"},"id":"message:338320","revisionNum":34,"uid":338320,"depth":0,"board":{"__ref":"Tkb:board:TechnicalArticles"},"author":{"__ref":"User:user:189442"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" Securing modern, containerized platforms like Kasm Workspaces requires a robust and multi-faceted approach to ensure performance, reliability, and data protection. In this edition of \"How I did it\" we'll see how F5 technologies can enhance the security and scalability of Kasm Workspaces deployments. ","introduction":"","metrics":{"__typename":"MessageMetrics","views":289},"postTime":"2024-12-23T05:00:00.031-08:00","lastPublishTime":"2025-01-14T10:25:58.835-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Securing modern, containerized platforms like Kasm Workspaces requires a robust and multi-faceted approach to ensure performance, reliability, and data protection. In this edition of \"How I did it\" we'll see how F5 technologies can enhance the security and scalability of Kasm Workspaces deployments. We’ll start by detailing how F5 BIG-IP TMOS can fortify network and application traffic; then move to securing Kubernetes-based Kasm Workspaces with the NGINX Plus Ingress Controller. Finally, we’ll demonstrate how F5 Distributed Cloud Services can deliver a comprehensive solution for secure and efficient application delivery. \n \n Kasm Workspaces \n Kasm Workspaces is a containerized streaming platform designed for secure, web-based access to desktops, applications, and web browsing. It leverages container technology to deliver virtualized environments directly to users' browsers, enhancing security, scalability, and performance. Commonly used for remote work, cybersecurity, and DevOps workflows, Kasm Workspaces provides a flexible and customizable solution for organizations needing secure and efficient access to virtual resources. \n \n Let me count the ways.... \n As noted in the Kasm documentation, the Kasm Workspaces Web App Role servers should not be exposed directly to the public. To address this requirement, F5 provides a variety of solutions to secure and deliver Kasm web servers. For the remainder of this article, we'll take a look at three of these solutions. \n \n \n Kasm Workspaces with F5 BIG-IP and FAST Templates \n \n \n Kasm Workspaces running on K8s with NGINX Plus Ingress Controller \n \n \n Bringing it all together with F5 Distributed Cloud Services \n \n \n \n Kasm Workspaces with F5 BIG-IP and FAST Templates \n For the following walkthrough, I utilized the F5 BIG-IP, (ver. 17.1.1.4 Build 0.0.9) to deliver and secure my on-premises Kasm Workspaces installation. While I could configure the various BIG-IP resources (virtual server, pool members, profiles, etc.) manually, I elected to utilize the BIG-IP Automation Toolchain to greatly simplify my deployment. \n The F5 BIG-IP Automation Toolchain is a suite of tools designed to automate the deployment, configuration, and management of F5 BIG-IP devices. It enables efficient and consistent management through the use of declarative APIs, templates, and integrations with popular automation frameworks. Specifically, I'll used AS3 and FAST templates. Application services (FAST) templates are predefined configurations that streamline the deployment and management of applications by providing consistent and repeatable setups. \n \n \n \n \n \n F5 BIG-IP Application Services Templates (FAST) \n \n \n F5 BIG-IP Application Services 3 Extension (AS3) \n \n \n \n \n \n As a prerequisite, I downloaded and installed the above packages (delivered as RPMs) onto the BIG-IP, (see below). \n \n With the RPMs installed, I was ready to deploy my application. From the side menu bar of the BIG-IP UI I navigated to 'iApps' --> 'Application Services' --> 'Applications LX' and selected 'F5 Application Services Templates'. \n \n From the provided templates, I selected the 'HTTP Application Template', (see below). The rest was a simple matter of completing and deploying the template. \n \n I needed to provide a tenant, (partition) name, application name, VIP address and listening port. \n \n I selected a previously installed certificate/key combination and enable client-side TLS. Since I'm using SAML federation between my Kasm Workspaces and Microsoft Entra ID, I have elected to enable TLS for server-side connections as well. Additionally, I provided the backend Kasm server address and port (see below). \n \n I created a custom HTTPs health monitor and associate with the Kasm backend pool. The send string makes a GET request to the Kasm healthcheck API (see below). \n \n Send String = GET /api/__healthcheck\\r\\n \n Receive String = OK \n \n \n I enabled and associated a template-generated WAF policy, enabled BOT defense and configured logging options. \n \n With the highlighted fields completed, I navigated back to the top of the template and selected 'Deploy', \n \n With the template successfully deployed, my application is ready to test. \n \n Video Walkthrough \n Want to get a feel for it before trying yourself? The video below provides a step-by-step walkthrough of the above deployment. \n \n \n \n Kasm Workspaces running on K8s with NGINX Plus Ingress Controller \n Both Kasm and F5 provide Helm charts for simplified deployments of Kasm Workspaces and NGINX Ingress Controller on Kubernetes. \n Create Kubernetes Secrets \n From the MyF5 Portal, I navigated to your subscription details, and downloaded the relevant .JWT file. With the JWT token in hand, I created the docker registry secret. This will be used to pull NGINX Plus IC from the private registry. \n kubectl create secret docker-registry regcred --docker-server=private-registry.nginx.com --docker-username=<jwt token=\"\"> --docker-password=none </jwt> \n I needed to create a Kubernetes TLS secret to use with my NGINX-hosted endpoint (kasmn.f5demo.net). I used the command below to create the secret. \n kubectl create secret tls tls-secret --cert=/users/coward/certificates/combined-cert.pem --key=/users/coward/certificates/combined-key.pem \n Once created, I used the command 'kubectl get secret' to verify the secrets were successfully created. \n \n \n \n \n \n Update K8s Custom Resource Definitions \n I ran the following command to update the CRDs required to deploy and operate the NGINX Ingress Controller. \n kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.7.2/deploy/crds.yaml \n Deploy NGINX Plus Ingress Controller \n Prior to deploying the NGINX Helm chart, I needed to navigate to the repo folder and modify a few settings in the 'values.yaml' file. To deploy NGINX Plus Ingress Controller with (NAP) I specified a repo image, set the 'nginxplus' flag to true and enabled NGINX App Protect. \n \n I used the below command to deploy the Helm chart. \n helm install nginx . \n Once deployed, I used the command, 'kubectl get svc' to view the NGINX service and capture the external IP assigned (see below). For this example, the DNS entry, 'kasmn.f5demo.net' was updated to reflect the assigned IP address. \n \n Deploy Kasm Workspaces \n For this example, I have deployed an Azure AKS cluster to host my Kasm Workspaces application. Prior to deploying the Kasm Helm chart, I created a file in the 'templates' directory defining a VirtualServer resource. The VirtualServer resource defines load balancing configuration for a domain name, such as f5demo.net and maps the backend K8s service with the NGINX Ingress Controller. \n I navigated to the 'templates' directory and created the file (virtualserver.yaml) using the contents below. \n apiVersion: k8s.nginx.org/v1 \nkind: VirtualServer \nmetadata: \n name: {{ .Values.kasmApp.name | default \"kasm\" }}-virtualserver\n namespace: {{ .Values.global.namespace | default .Release.Namespace }}\n labels:\n app.kubernetes.io/name: {{ .Values.kasmApp.name }}-virtualserver\n{{- include \"kasm.defaultLabels\" . | indent 4 }}\nspec: \n host: {{ .Values.global.hostname | quote }}\n tls: \n secret: tls-secret \n gunzip: on \n upstreams: \n - name: kasm-proxy\n service: kasm-proxy\n port: 8080\n routes: \n - path: /\n action: \n pass: kasm-proxy\n \n With the file created and saved, I was ready to deploy the Kasm Helm chart. \n \n I navigated to the parent repo folder and used the following command to deploy the chart. \n helm install kasm kasm-single-zone \n With the deployment complete, I am ready to test access to the Kasm Workspaces UI. \n \n Video Walkthrough \n The video below provides a step-by-step walkthrough of the above deployment. \n \n \n Bringing it all together with F5 Distributed Cloud Services \n F5 Distributed Cloud Services (F5 XC) facilitates the deployment of applications across on-premises, cloud, and colocation facilities by offering a unified platform that integrates networking, security, and application delivery services. This approach ensures consistent performance, security, and management regardless of the deployment environment, enabling seamless hybrid and multi-cloud operations. \n For this demonstration, I used F5 XC to secure and publish globally both my on-premises and Azure AKS-hosted Kasm workloads using a single HTTP load balancer. \n Customer Edge (CE) Sites \n To publish my Kasm Workspace application with F5 XC I first needed to establish secure connectivity between my on-premises and Azure AKS environments and the F5 Distributed Cloud. To accomplish this, I have deployed CE devices and created a Customer Edge site in each location. \n \n Origin Pool \n I created two origin pools with a custom health check that will be associated to the load balancer. The first origin pool references the Kasm Workspace Web App server located on-premises. As shown below, the server is located behind and reached via the Customer edge site connection. Additionally, like the BIG-IP deployment scenario, I configured the connection to the backend server to use TLS. \n \n I have created a second origin pool referencing the AKS-hosted workload, (see below). I've used K8s Service Discovery to expose the Kasm-proxy K8s service. \n \n Custom Health Check \n \n HTTP Load Balancer \n With my origin pools created, I configured the load balancer. Similar to a BIG-IP virtual server, I used the HTTP load balancer to create a public-facing endpoint, associate backend origin pool(s) and apply various security policies and profiles. \n As shown below, I provided a load balancer’s name and domain name. Additionally, I have enabled automatic certificate generation for the domain name specified. I’ve enabled HTTP to HTTPS redirection and specified the port of the backend server(s). \n \n I associated both origin pools. Incoming connections will be directed to both my on-premises and AKS-hosted Kasm Workspace servers based on the load balancing algorithm selected. As an option, I can modify the weight and priorities of my backend pools. \n For additional security, I've enabled WAF and specified and a policy. Additionally, I have enabled API discovery and DDOS protection. \n \n \n \n\n To establish workspace connectivity, I\"ll need to configure routing and enable WebSockets. Under 'Routes', I selected 'Edit Configuration'. I configured a simple route and associated the origin pool(s), (see below). \n \n I navigated down and selected 'Advanced Options'. From the 'Advanced Options' page, I scrolled down to \"Protocol Upgrades' and enabled WebSockets, (see below). \n \n I selected 'Apply' twice and verified the route settings, (see below) and selected 'Apply' again to return to the load balancer configuration page. \n \n With respect to VIP advertisement, I elected to publish my Kasm Workspaces deployment publicly. \n \n Once configured and saved (and allowing a few minutes to deploy) the application is ready for testing. \n \n Video Walkthrough \n The video below provides a step-by-step walkthrough of the above deployment. \n \n Additional Links \n \n Kasm Workspaces \n F5 BIG-IP Application Services 3 Extension Documentation (AS3) \n F5 BIG-IP Application Services Templates (FAST) \n Kasm K8s Helm Chart \n NGINX Plus Ingress Controller \n NGINX Plus Ingress Controller Helm Chart Deployment \n F5 Distributed Cloud Services \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"11810","kudosSumWeight":2,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtTElCdUtx?revision=34\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wy","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtNzFkcUtQ?revision=34\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wz","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtTUg5QUJ3?revision=34\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w0","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtdUVHbGVh?revision=34\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w1","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtWFg0SFlz?revision=34\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w2","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtc2Vhc2Zk?revision=34\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w3","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtWWY2NWFF?revision=34\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w4","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtR1hhcE9X?revision=34\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w5","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtQ2lEa0xk?revision=34\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxMA","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtU0VZcW9C?revision=34\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxMQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtWUtzZmVD?revision=34\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxMg","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtTFRrUUJN?revision=34\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxMw","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtRWdvcWxa?revision=34\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxNA","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtQjl3THk4?revision=34\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxNQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtMm9YYU9R?revision=34\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxNg","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtOElSaUNi?revision=34\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxNw","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtU2JGZ0Va?revision=34\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxOA","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtU0NqZDJ5?revision=34\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxOQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtM0lZbGtk?revision=34\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wyMA","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtTHRTMmVv?revision=34\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wyMQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtQk91QVlK?revision=34\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wyMg","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtN0psanFj?revision=34\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wyMw","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtV3RYWDVS?revision=34\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wyNA","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtZnZJV1gy?revision=34\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wyNQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzMjAtVEFwVU5t?revision=34\"}"}}],"totalCount":30,"pageInfo":{"__typename":"PageInfo","hasNextPage":true,"endCursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wyNQ","hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:339024":{"__typename":"Conversation","id":"conversation:339024","topic":{"__typename":"TkbTopicMessage","uid":339024},"lastPostingActivityTime":"2025-01-13T15:17:22.470-08:00","solved":false},"User:user:173018":{"__typename":"User","uid":173018,"login":"AubreyKingF5","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS0xNzMwMTgtM1pXcDFQ?image-coordinates=0%2C0%2C2316%2C2315"},"id":"user:173018"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzkwMjQtQVFaU3Vj?revision=4\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzkwMjQtQVFaU3Vj?revision=4","title":"AIFri-2.jpg","associationType":"TEASER","width":848,"height":483,"altText":""},"TkbTopicMessage:message:339024":{"__typename":"TkbTopicMessage","subject":"AI Friday Episode 3: Snowstorms, Truth Terminal, MCP & AGI Insights","conversation":{"__ref":"Conversation:conversation:339024"},"id":"message:339024","revisionNum":4,"uid":339024,"depth":0,"board":{"__ref":"Tkb:board:TechnicalArticles"},"author":{"__ref":"User:user:173018"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" \n ","introduction":"","metrics":{"__typename":"MessageMetrics","views":75},"postTime":"2025-01-10T15:45:20.634-08:00","lastPublishTime":"2025-01-13T15:17:22.470-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Welcome to AI Friday! \n This week, we delve into the latest and most intriguing developments in the AI world. From discussing the impact of snowstorms in Texas to exploring the fascinating story of Truth Terminal, this episode is packed with insights and humor. Join us as we find out what Model Context Protocol (MCP) can do, look at the effects of AGI claims, and study the latest in AI security. \n Don't forget to like, subscribe, and hit the notification bell to stay updated with our weekly episodes! \n Featuring Byron_McNaught, Lori_MacVittie, Joel_Moses, kenarora, Connor Hicks, and AubreyKingF5. \n This week, we discuss: \n \n ❄️ The surprising snowstorms in Texas and their impact \n 💡 Model Context Protocol (MCP) with a DEMO! \n 📈 The bold claims of AGI and what it means for the future \n 💰 The intriguing story of Truth Terminal and its unexpected success \n 🔒 Cutting-edge AI security techniques and jailbreaksAffordable AI Acceleration \n Creepy AI Wearables \n What LLMs Will Do For Likes... \n \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"1034","kudosSumWeight":0,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzkwMjQtQVFaU3Vj?revision=4\"}"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:338838":{"__typename":"Conversation","id":"conversation:338838","topic":{"__typename":"TkbTopicMessage","uid":338838},"lastPostingActivityTime":"2025-01-13T05:00:00.042-08:00","solved":false},"User:user:195330":{"__typename":"User","uid":195330,"login":"momahdy","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS0xOTUzMzAtaENpUGx2?image-coordinates=0%2C588%2C1080%2C1668"},"id":"user:195330"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4MzgtTklXR3Ix?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4MzgtTklXR3Ix?revision=2","title":"image.png","associationType":"BODY","width":1378,"height":1108,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4MzgtMGRkSUlF?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4MzgtMGRkSUlF?revision=2","title":"image.png","associationType":"BODY","width":1229,"height":336,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4Mzgtb2VwQ3dD?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4Mzgtb2VwQ3dD?revision=2","title":"image.png","associationType":"BODY","width":2809,"height":1862,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4MzgtSDJoeWc0?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4MzgtSDJoeWc0?revision=2","title":"image.png","associationType":"BODY","width":3030,"height":737,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4Mzgta1M4dnNw?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4Mzgta1M4dnNw?revision=2","title":"image.png","associationType":"BODY","width":2553,"height":1793,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4MzgtaEZxMlJ3?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4MzgtaEZxMlJ3?revision=2","title":"image.png","associationType":"BODY","width":3485,"height":1009,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4MzgtVFhDYmFS?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4MzgtVFhDYmFS?revision=2","title":"image.png","associationType":"BODY","width":3210,"height":976,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4MzgtSXZYcFIw?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4MzgtSXZYcFIw?revision=2","title":"image.png","associationType":"BODY","width":3554,"height":660,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4MzgtVFl4VllP?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4MzgtVFl4VllP?revision=2","title":"image.png","associationType":"BODY","width":2579,"height":520,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4Mzgtd3VlOHJj?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4Mzgtd3VlOHJj?revision=2","title":"image.png","associationType":"BODY","width":2654,"height":1883,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4MzgtanVtNkRm?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4MzgtanVtNkRm?revision=2","title":"image.png","associationType":"BODY","width":2807,"height":876,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4MzgteDBFaXFG?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4MzgteDBFaXFG?revision=2","title":"image.png","associationType":"BODY","width":2780,"height":245,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4MzgtOEg4NEVT?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4MzgtOEg4NEVT?revision=2","title":"image.png","associationType":"BODY","width":1449,"height":1171,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4MzgtMGFNZUJj?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4MzgtMGFNZUJj?revision=2","title":"image.png","associationType":"BODY","width":3202,"height":1135,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4MzgtWHQ4RmZG?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4MzgtWHQ4RmZG?revision=2","title":"image.png","associationType":"BODY","width":2006,"height":295,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4MzgtcGQ1TzFl?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4MzgtcGQ1TzFl?revision=2","title":"image.png","associationType":"BODY","width":2222,"height":411,"altText":""},"TkbTopicMessage:message:338838":{"__typename":"TkbTopicMessage","subject":"F5 Distributed Cloud JA4 detection for enhanced performance and detection","conversation":{"__ref":"Conversation:conversation:338838"},"id":"message:338838","revisionNum":2,"uid":338838,"depth":0,"board":{"__ref":"Tkb:board:TechnicalArticles"},"author":{"__ref":"User:user:195330"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":"","introduction":"","metrics":{"__typename":"MessageMetrics","views":202},"postTime":"2025-01-13T05:00:00.042-08:00","lastPublishTime":"2025-01-13T05:00:00.042-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" JA4+ is a suite of network fingerprinting methods. These methods are both human and machine readable to facilitate more effective threat-hunting and analysis. The use cases for these fingerprints include scanning for threat actors, malware detection, session hijacking prevention, compliance automation, location tracking, DDoS detection, grouping of threat actors, reverse shell detection, and many more. \n \n Introduction \n In a previous article, Identity-Aware decisions with JA4+ we discussed using JA4 fingerprints with BIG-IP. In this article, we are exploring the use of JA4 in F5 Distributed Cloud. \n A very useful use case for using JA4 in F5 Distributed Cloud is explained at F5 App Connect and NetApp S3 Storage – Secured Scalable AI RAG. \n Let's go through the steps of getting the JA4 fingerprints applied to a traffic sample. \n \n Implementation \n In this example we are using NGINX instance deployed via F5 Distributed Cloud Distributed Apps. \n \n Deploy Virtual K8s through Distributed Apps. \n Create service policy with the matching JA4 fingerprints to block.\n \n JA4 Database can be found over here JA4 Database \n \n \n \n Service policy creation \n \n From Distributed Cloud UI > Distributed Apps > Manage > Service Policies > Service Policies \n \n \n Add Service Policy \n Add name: ja4-service-policy \n Under rules, select Custom rules and then click configure \n \n \n \n Click Add item \n Update the below, \n \n Add name, Actions. \n Show advanced fields in the client section. \n TLS Fingerprint Matcher: JA4 TLS Fingerprint \n \n \n \n Click Configure JA4 TLS Fingerprint \n \n \n Click Add item and match the needed JA4 fingerprint. In our case, we are blocking curl, wget fingerprints. \n \n \n \n Click Apply, to save, then Save, and Exit. \n \n \n Now, we attach the service policy to our HTTP Load balancer. \n \n Manage > HTTP Loadbalancer > Click Manage configurations \n Click Edit Configurations \n \n \n At Common Security Controls section, Select Apply Service Policies and click Edit Configurations. \n \n \n Select the configured policy, then Apply. \n \n \n Testing \n \n From Firefox browser \n From Ubuntu using curl \n Observing logs from F5 Distributed Cloud\n \n From HTTP Loadbalancers > select the created loadbalancer and click Security Monitoring \n Click Security Events to check the requests \n \n \n You can see the events with the requests and client information \n From Action column, you can select Explain with AI to gain further information and recommendations. \n \n \n \n \n We have the service policy configured and attached. It can be attached as well to different component for client identification as well. \n \n Related Content \n \n F5 App Connect and NetApp S3 Storage – Secured Scalable AI RAG | DevCentral \n Fingerprint TLS Clients with JA4 on F5 BIG-IP using iRules \n JA4 Part 2: Detecting and Mitigating Based on Dynamic JA4 Reputation | DevCentral \n Identity-Aware decisions with JA4+ | DevCentral \n Setting Up A Basic Customer Edge To Run vk8s in F5 Distributed Cloud App Stack | DevCentral \n \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"3372","kudosSumWeight":0,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4MzgtTklXR3Ix?revision=2\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wy","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4MzgtMGRkSUlF?revision=2\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wz","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4Mzgtb2VwQ3dD?revision=2\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w0","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4MzgtSDJoeWc0?revision=2\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w1","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4Mzgta1M4dnNw?revision=2\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w2","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4MzgtaEZxMlJ3?revision=2\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w3","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4MzgtVFhDYmFS?revision=2\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w4","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4MzgtSXZYcFIw?revision=2\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w5","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4MzgtVFl4VllP?revision=2\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxMA","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4Mzgtd3VlOHJj?revision=2\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxMQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4MzgtanVtNkRm?revision=2\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxMg","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4MzgteDBFaXFG?revision=2\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxMw","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4MzgtOEg4NEVT?revision=2\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxNA","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4MzgtMGFNZUJj?revision=2\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxNQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4MzgtWHQ4RmZG?revision=2\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxNg","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzg4MzgtcGQ1TzFl?revision=2\"}"}}],"totalCount":16,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:297214":{"__typename":"Conversation","id":"conversation:297214","topic":{"__typename":"TkbTopicMessage","uid":297214},"lastPostingActivityTime":"2025-01-08T11:23:44.147-08:00","solved":false},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTcyMTQtMTgxNjdpQzc3NjM0RTg4QkQ3MkNGRQ?revision=15\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTcyMTQtMTgxNjdpQzc3NjM0RTg4QkQ3MkNGRQ?revision=15","title":"loginPage.jpg","associationType":"BODY","width":3624,"height":1728,"altText":"loginPage.jpg"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTcyMTQtMTgxNjhpRkU5NkVFOTc4RDFBOUY3Rg?revision=15\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTcyMTQtMTgxNjhpRkU5NkVFOTc4RDFBOUY3Rg?revision=15","title":"loginPage2.jpg","associationType":"BODY","width":3670,"height":2105,"altText":"loginPage2.jpg"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTcyMTQtMTgxNTlpMDA2QkNCRDBGQjM4NTVDNQ?revision=15\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTcyMTQtMTgxNTlpMDA2QkNCRDBGQjM4NTVDNQ?revision=15","title":"Mohammed_Janiba_2-1655901940142.png","associationType":"BODY","width":1600,"height":285,"altText":"Mohammed_Janiba_2-1655901940142.png"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTcyMTQtMTgxNjlpNTE1NjY2MEI5QzdCQjNGRQ?revision=15\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTcyMTQtMTgxNjlpNTE1NjY2MEI5QzdCQjNGRQ?revision=15","title":"fileupload.jpg","associationType":"BODY","width":2266,"height":1561,"altText":"fileupload.jpg"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTcyMTQtMTgxNzVpNUJCNDc1Qzk5QTBGNEM2OQ?revision=15\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTcyMTQtMTgxNzVpNUJCNDc1Qzk5QTBGNEM2OQ?revision=15","title":"Mohammed_Janiba_14-1655903408664.png","associationType":"BODY","width":1600,"height":1322,"altText":"Mohammed_Janiba_14-1655903408664.png"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTcyMTQtMTgxNzRpODI1NEU3RkY3QUFFM0FCQw?revision=15\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTcyMTQtMTgxNzRpODI1NEU3RkY3QUFFM0FCQw?revision=15","title":"Mohammed_Janiba_13-1655903360489.png","associationType":"BODY","width":1600,"height":1047,"altText":"Mohammed_Janiba_13-1655903360489.png"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTcyMTQtMTgxOTlpQkU4MkNDMTg5Q0NENkEyOA?revision=15\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTcyMTQtMTgxOTlpQkU4MkNDMTg5Q0NENkEyOA?revision=15","title":"firewall.jpg","associationType":"BODY","width":3731,"height":2021,"altText":"firewall.jpg"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTcyMTQtMTgyMTBpMjk5MUE5NkE4MUVENjk0NA?revision=15\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTcyMTQtMTgyMTBpMjk5MUE5NkE4MUVENjk0NA?revision=15","title":"loginPage3.JPG","associationType":"BODY","width":3430,"height":1988,"altText":"loginPage3.JPG"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTcyMTQtMTgyMTFpQTIxNEU2ODZDMzFDRjgyMg?revision=15\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTcyMTQtMTgyMTFpQTIxNEU2ODZDMzFDRjgyMg?revision=15","title":"fileuploadblock.jpg","associationType":"BODY","width":1584,"height":595,"altText":"fileuploadblock.jpg"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTcyMTQtMTgyMTJpNEZBREJFNkIzRUJBNUREMQ?revision=15\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTcyMTQtMTgyMTJpNEZBREJFNkIzRUJBNUREMQ?revision=15","title":"fileuploadblock2.jpg","associationType":"BODY","width":1615,"height":490,"altText":"fileuploadblock2.jpg"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTcyMTQtMTgyMDBpM0U3M0FFOTQzNjlCREQzNw?revision=15\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTcyMTQtMTgyMDBpM0U3M0FFOTQzNjlCREQzNw?revision=15","title":"log.jpg","associationType":"BODY","width":3778,"height":1824,"altText":"log.jpg"},"TkbTopicMessage:message:297214":{"__typename":"TkbTopicMessage","subject":"Mitigating OWASP Web Application Risk: Broken Access attacks using F5 Distributed Cloud Platform","conversation":{"__ref":"Conversation:conversation:297214"},"id":"message:297214","revisionNum":15,"uid":297214,"depth":0,"board":{"__ref":"Tkb:board:TechnicalArticles"},"author":{"__ref":"User:user:194786"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":"","introduction":"","metrics":{"__typename":"MessageMetrics","views":3667},"postTime":"2022-06-29T05:00:00.025-07:00","lastPublishTime":"2025-01-08T11:23:44.147-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" \n This article is in continuation of the owasp series and will cover broken access control. Check here for overview article. \n \n Introduction to Broken Access Control attack: \n Access controls enforces policy such that users cannot act outside of their intended permissions. Also called authorization, allows or denies access to your application's features and resources. Misuse of access control enables: \n \n Unauthorized access to sensitive information. \n Privilege escalation. \n Illegal file executions. \n \n There are many ways to infiltrate application servers using broken access controls and we are going to focus on the 2 scenarios below and how to mitigate them. \n \n Scenario 1: Broken access + SQL injection attack \n Instead of logging with valid credentials, attacker uses SQL injection attacks to login as another standard or higher privileged user, like admin. We can also say this is broken authentication, because an attacker authenticated to a system using injection attack without providing valid credentials. \n For this demo I am using OWASP Juice shop (reference links at bottom for more info). \n Step1: \n Please follow steps suggested in Article1 to configure HTTP load balancer and WAF in cloud console. Make sure WAF is configured in Monitoring mode to generate the attack. \n Step2: \n Open a browser and navigate to the login page of the application load balancer. In the Email field provide “' OR true --” and any password as below: \n Step3: \n Validate you can login to application as administrator as below: \n \n Scenario2: File upload vulnerability \n Any file which has the capability to harm the server is a malicious file. For example, a php file which has some dangerous php functions like exec () can be considered as a malicious file as these functions can execute OS command and can remotely provide us the control of the application server. \n Suppose there is a file upload functionality in the web application and only jpeg extension file is allowed to be uploaded. Failing to properly enforce access restrictions on file properties can lead to broken access control attacks providing attackers a way to upload potentially dangerous files with different extensions. For this demo I am using DVWA as the vulnerable testing application (reference links at bottom for more info). \n \n Step by step process: \n Step1: \n Open a notepad editor and paste below contents and save to desktop as malicious.php \n Step2: \n Open a browser and navigate to the application load balancer URL. Login to DVWA application using admin/password as the credentials. Click on “File Upload” option in left side of the menu section. \n \n Step3: \n This page is used to upload images with extensions .jpeg, .png, .gif etc. But this demo application doesn’t have file restrictions enabled making attackers to upload any file extensions. \n Click on “Choose File” button and upload above created .php file. \n Step4: \n Note the location displayed in the message, open the URL in the browser and validate we can see all the users available as below. NOTE: Since this is just a demo environment, I'm using same F5 Distributed Cloud load balancer for both the demo applications by changing the IP and ports in F5 Distributed Cloud Origin pool as per my needs. That's why you can see both apps are accessible using juiceshop domain. \n \n \n Solution: \n \n To mitigate these attacks, navigate to Firewall section and in “App Firewall” configuration make sure “Enforcement Mode” is set to “Blocking” as below: \n Next in browser try to generate above scenarios and validate your request is blocked as below. Login Mitigation: Illegal File Upload mitigation: Illegal File Execution mitigations: \n In Distributed Cloud Console expand the security event and check the WAF section to understand the reason why request was blocked. \n \n \n Conclusion: \n As shown above, OWASP Top 10: Broken access control attacks can be mitigated by configuring WAF firewall in “Blocking” mode. \n \n For further information click the links below: \n \n OWASP - Broken access control \n File Upload Vulnerability \n OWASP Juice Shop \n DVWA \n \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"4526","kudosSumWeight":6,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTcyMTQtMTgxNjdpQzc3NjM0RTg4QkQ3MkNGRQ?revision=15\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wy","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTcyMTQtMTgxNjhpRkU5NkVFOTc4RDFBOUY3Rg?revision=15\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wz","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTcyMTQtMTgxNTlpMDA2QkNCRDBGQjM4NTVDNQ?revision=15\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w0","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTcyMTQtMTgxNjlpNTE1NjY2MEI5QzdCQjNGRQ?revision=15\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w1","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTcyMTQtMTgxNzVpNUJCNDc1Qzk5QTBGNEM2OQ?revision=15\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w2","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTcyMTQtMTgxNzRpODI1NEU3RkY3QUFFM0FCQw?revision=15\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w3","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTcyMTQtMTgxOTlpQkU4MkNDMTg5Q0NENkEyOA?revision=15\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w4","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTcyMTQtMTgyMTBpMjk5MUE5NkE4MUVENjk0NA?revision=15\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w5","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTcyMTQtMTgyMTFpQTIxNEU2ODZDMzFDRjgyMg?revision=15\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxMA","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTcyMTQtMTgyMTJpNEZBREJFNkIzRUJBNUREMQ?revision=15\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxMQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTcyMTQtMTgyMDBpM0U3M0FFOTQzNjlCREQzNw?revision=15\"}"}}],"totalCount":11,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:338353":{"__typename":"Conversation","id":"conversation:338353","topic":{"__typename":"TkbTopicMessage","uid":338353},"lastPostingActivityTime":"2025-01-02T16:09:26.863-08:00","solved":false},"User:user:326558":{"__typename":"User","uid":326558,"login":"Eric_Ji","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS0zMjY1NTgtaDBOSjVu?image-coordinates=0%2C0%2C1110%2C1110"},"id":"user:326558"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzNTMtTXJvZ2o4?revision=60\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzNTMtTXJvZ2o4?revision=60","title":"image.png","associationType":"BODY","width":2325,"height":1011,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzNTMtOE9BVFdX?revision=60\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzNTMtOE9BVFdX?revision=60","title":"image.png","associationType":"BODY","width":2412,"height":1386,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzNTMtWDZYT0JG?revision=60\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzNTMtWDZYT0JG?revision=60","title":"image.png","associationType":"BODY","width":2013,"height":1210,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzNTMtZGV6OEJ4?revision=60\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzNTMtZGV6OEJ4?revision=60","title":"image.png","associationType":"BODY","width":1722,"height":1102,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzNTMtd0t4N0FC?revision=60\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzNTMtd0t4N0FC?revision=60","title":"image.png","associationType":"BODY","width":2564,"height":1630,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzNTMtdGZMc1lQ?revision=60\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzNTMtdGZMc1lQ?revision=60","title":"image.png","associationType":"BODY","width":1726,"height":1134,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzNTMtb3lGSkxH?revision=60\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzNTMtb3lGSkxH?revision=60","title":"image.png","associationType":"BODY","width":857,"height":965,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzNTMteHpyb0kx?revision=60\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzNTMteHpyb0kx?revision=60","title":"image.png","associationType":"BODY","width":1379,"height":620,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzNTMtYUVPSVJS?revision=60\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzNTMtYUVPSVJS?revision=60","title":"image (3).png","associationType":"BODY","width":1348,"height":636,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzNTMtY1NqeDJj?revision=60\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzNTMtY1NqeDJj?revision=60","title":"image (4).png","associationType":"BODY","width":540,"height":435,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzNTMtTjAxZG1E?revision=60\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzNTMtTjAxZG1E?revision=60","title":"image.png","associationType":"BODY","width":2004,"height":1054,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzNTMteWRUcTVk?revision=60\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzNTMteWRUcTVk?revision=60","title":"image.png","associationType":"BODY","width":3410,"height":2222,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzNTMtQzBuYmhU?revision=60\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzNTMtQzBuYmhU?revision=60","title":"image.png","associationType":"BODY","width":858,"height":650,"altText":""},"TkbTopicMessage:message:338353":{"__typename":"TkbTopicMessage","subject":"Securing Model Serving in Red Hat OpenShift AI (on ROSA) with F5 Distributed Cloud API Security","conversation":{"__ref":"Conversation:conversation:338353"},"id":"message:338353","revisionNum":60,"uid":338353,"depth":0,"board":{"__ref":"Tkb:board:TechnicalArticles"},"author":{"__ref":"User:user:326558"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" Learn how Red Hat OpenShift AI on ROSA and F5 Distributed Cloud API Security work together to protect generative AI model inference endpoints. This integration ensures robust API discovery, schema enforcement, LLM-aware threat detection, bot mitigation, sensitive data redaction, and continuous observability—enabling secure, compliant, and high-performance AI-driven experiences at scale. ","introduction":"","metrics":{"__typename":"MessageMetrics","views":599},"postTime":"2024-12-18T12:01:43.571-08:00","lastPublishTime":"2024-12-18T12:01:43.571-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" As enterprises embrace Generative AI—particularly deploying large language models (LLMs) and other foundational AI models—production environments become increasingly complex. Organizations need an end-to-end MLOps platform that streamlines the entire lifecycle: developing, training, fine-tuning, and especially serving models at scale. \n Red Hat OpenShift AI (OpenShift AI) meets this need by providing a comprehensive, hybrid MLOps environment. When deployed on Red Hat OpenShift Service on AWS (ROSA), OpenShift AI takes advantage of AWS’s managed infrastructure services and cloud-native elasticity, enabling organizations to scale AI/ML workflows efficiently and cost-effectively. \n Yet, as models are served to end-users or integrated into downstream applications, security considerations become paramount. Inference endpoints may be targeted for unauthorized access, data exfiltration, or prompt manipulation. F5 Distributed Cloud addresses these challenges by offering robust capabilities—API discovery, schema enforcement, LLM-aware threat detection, bot mitigation, sensitive data redaction, and continuous observability—to ensure that inference endpoints remain secure, compliant, and high-performing. \n In this post, we will: \n \n Introduce OpenShift AI and its capabilities for AI/ML workloads with an emphasis on model serving. \n Discuss how running OpenShift AI on ROSA leverages AWS services for scalable, cost-effective AI/ML operations. \n Show how F5 Distributed Cloud API Security enhances the security posture of generative AI model inference endpoints—covering automated API discovery, schema enforcement, threat detection, rate limiting, and compliance measures. \n Demonstrate how to integrate these capabilities end-to-end, using Ollama Mistral-7B as an example model. \n \n What is Red Hat OpenShift AI for Generative AI Applications? \n Red Hat OpenShift AI is a hybrid MLOps platform designed to simplify the entire AI lifecycle. It empowers teams to train, fine-tune, deploy, serve, monitor, and continuously improve generative AI models. By merging IT operations, data science workflows, and application development practices into one platform, OpenShift AI accelerates innovation, fosters governance, and encourages collaboration—essential ingredients for delivering enterprise-grade AI solutions. \n Key Features: \n \n Hybrid MLOps Platform: Unified environment for data scientists, developers, and operators, whether you run on-premises, in the cloud, or in a hybrid setup. \n Distributed Workloads & Fine-Tuning: Scale model training and fine-tuning across distributed compute frameworks, adapting large language models to your domain’s requirements. \n Model Serving & Monitoring: Deploy and serve models at scale using technologies like KServe, ModelMesh, and a variety of specialized runtimes (OpenVINO™ Model Server, Caikit/TGIS, NVIDIA Triton Inference Server, etc.). Continuously monitor model performance, detect drift, and ensure ongoing model quality. \n Lifecycle Management & DevOps Integration: Seamlessly integrate data science pipelines with CI/CD workflows. Automate model deployment, rollout new versions safely, and achieve consistent delivery of AI-driven features. \n Enhanced Collaboration: Enable data scientists, developers, and IT Ops to work together using notebooks (JupyterLab), popular frameworks (TensorFlow, PyTorch), and unified governance, speeding up innovation and time-to-value. \n \n High-Level Architecture: OpenShift AI integrates workbenches, distributed workloads, data science pipelines, serving engines, and monitoring tools atop Kubernetes and OpenShift operators, leveraging GitOps, pipelines, service mesh, and serverless technologies. \n \n Figure 1: OpenShift AI High-Level Architecture \n Running OpenShift AI on ROSA for Scalable AI/ML Solutions \n Red Hat OpenShift Service on AWS (ROSA) brings a fully managed OpenShift environment to AWS. This allows teams to focus on building and serving AI models rather than managing infrastructure. \n Key advantages: \n \n Scalability: Seamlessly scale GPU-accelerated compute, storage, and networking resources as model serving workloads grow. \n Cost Efficiency & On-Demand Resources: Leverage Amazon EC2 instances, Amazon S3, and other AWS services only as needed, paying as you go. \n Unified Management: Offload cluster operations and lifecycle management to ROSA, ensuring reliable operations and freeing your team to concentrate on AI innovation. \n \n Security Challenges in Model Serving for Generative AI \n While OpenShift AI and ROSA simplify operations, serving AI models still raises critical security concerns: \n \n Unauthorized Access & Data Leakage: External requests to inference endpoints may attempt to extract proprietary knowledge or sensitive data from the model. \n Prompt Injection & Malicious Content: LLMs can be tricked into producing harmful or confidential outputs if the prompts are manipulated. \n Bot Attacks & Performance Risks: Automated scripts can overwhelm inference endpoints, degrade performance, or escalate costs. \n Compliance & Sensitive Data Handling: AI outputs can contain PII or regulated data, necessitating encryption, redaction, and audit trails to meet compliance demands. \n Evolving Threat Landscape: The complexity and dynamism of AI models and APIs call for continuous posture management and adaptive threat detection. \n \n Enhancing Security with F5 Distributed Cloud API Security \n F5 Distributed Cloud provides a comprehensive set of capabilities tailored for securing modern AI inference endpoints. By integrating these capabilities with OpenShift AI deployments on ROSA, organizations gain: \n \n Automated API Discovery & Posture Management:\n \n Identify all inference endpoints automatically, eliminating hidden APIs. \n Enforce schemas based on observed traffic to ensure requests and responses follow expected patterns. \n Integrate “shift-left” security checks into CI/CD pipelines, catching misconfigurations before production. \n \n \n LLM-Aware Threat Detection & Request Validation:\n \n Detect attempts to manipulate prompts or break compliance rules, ensuring suspicious requests are blocked before reaching the model. \n \n \n Bot Mitigation & Adaptive Rate Controls:\n \n Differentiate between legitimate users and bots or scrapers, blocking automated attacks. \n Dynamically adjust rate limits and policies based on usage history and real-time conditions, maintaining performance and reliability. \n \n \n Sensitive Data Redaction & Compliance:\n \n Identify and mask PII or sensitive tokens in requests and responses. \n Adhere to data protection regulations and maintain detailed logs for auditing, monitoring, and compliance reporting. \n \n \n Seamless Integration & Observability:\n \n Deploy F5 Distributed Cloud seamlessly alongside OpenShift AI on ROSA without reshuffling existing architecture. \n Use centralized dashboards and analytics to monitor real-time metrics—latency, error rates, compliance indicators—to continuously refine policies and adapt to emerging threats. \n \n \n \n Example: Working with Multiple OLLAMA Models and Programmatic Inference \n In this scenario, multiple OLLAMA models have been deployed on the OpenShift cluster. For instance: \n sh-5.1$ ollama ls \nNAME ID SIZE MODIFIED \nllama2:7b 78e26419b446 3.8 GB 3 days ago \nllama3.2:1b baf6a787fdff 1.3 GB 2 weeks ago \nmario:latest 7434c42677ab 3.8 GB 12 seconds ago \nmistral:latest f974a74358d6 4.1 GB 11 days ago \norca-mini:latest 2dbd9f439647 2.0 GB About a minute ago\nphi3:latest 4f2222927938 2.2 GB 2 weeks ago \nphi3:mini 4f2222927938 2.2 GB 2 weeks ago \ntinyllama:latest 2644915ede35 637 MB 2 weeks ago \n \n We have a variety of models—ranging from Mistral-7B to tinyllama—that can be served simultaneously. While the environment is currently using CPUs for hosting these models, you could leverage GPUs for better performance in a production scenario. \n Unlike the model training and fine-tuning phase—where we worked directly within OpenShift AI Workbenches (to be covered in future blogs)— in this scenario we’re querying the LLM endpoint from a local application, where Python libraries and LangChain are installed. Instead of hitting the cluster directly, we route traffic through an F5 Distributed Cloud-managed URL (e.g., http://llm01.volt.thebizdevops.net). In a real-world deployment, the frontend could also be hosted on OpenShift or served through F5 Distributed Cloud Regional Edges (RE), providing flexible options for scaling and delivering the application. \n This ensures that all requests pass through F5 Distributed Cloud’s security layers, applying policies, detecting threats, and protecting sensitive data before they reach the LLM endpoint hosted in OpenShift AI on ROSA. \n \n Figure 2: Integrated Architecture with F5 Distributed Cloud and OpenShift AI on AWS \n F5 Distributed Cloud Capabilities in Action \n To illustrate the key F5 Distributed Cloud features, we’ve divided them into distinct capabilities and included screen captures in the F5 Distributed Cloud console. These captures provide a visual reference to understand how each capability enhances the security and compliance posture of your LLM inference endpoints. \n 1. API Discovery & Schema Enforcement \n What It Does: F5 Distributed Cloud automatically identifies all exposed inference endpoints for your AI/LLM models. It then derives schemas from real traffic, enforcing expected request and response formats. By blocking malformed inputs early, your model stays protected, ensuring consistent, reliable, and trustworthy inferences. \n \n Figure 3: API Discovery & Schema Enforcement (Refer to the annotated image above showing multiple discovered endpoints, shadow APIs, and downloadable OpenAPI specifications derived from actual traffic patterns.) \n 2. LLM-Aware Threat Detection & Request Validation \n What It Does: This feature identifies potential threats to your LLM endpoints by enforcing strict OpenAPI-based validation on incoming requests. By catching invalid or suspicious inputs early, you can adjust policies to block them in the future, ensuring that malicious attempts—whether aiming to exploit the LLM’s behavior or break compliance rules—never reach the inference logic. \n \n Figure 4: Security Analysis for a Non-Compliant Request (Here, the request triggered an OpenAPI validation failure. Although currently “allowed,” policies can be easily configured to “block” these events going forward, preventing non-compliant or potentially harmful requests from impacting your LLM models.) \n \n \n Figure 5: API Inventory Validation Configuration (This image illustrates the corresponding configuration settings for OpenAPI Validation. By validating both requests and responses at multiple layers—headers, body, and content-type—F5 Distributed Cloud ensures that LLM prompts remain safe, compliant, and free from injection attacks.) \n 3. Bot Mitigation & Rate Limiting \n What It Does: Differentiates legitimate user traffic from automated bots or scrapers bot mitigation, and ensures fair usage of resources (rate limiting). By differentiating legitimate requests from bot-driven abuse and enforcing request thresholds, F5 Distributed Cloud protects inference endpoints from performance degradation while maintaining a positive user experience. \n \n Figure 6: Bot Defense in Action (This image shows how F5 Distributed Cloud identifies and classifies automated traffic as “Bad Bots,” blocking them to preserve endpoint availability and prevent resource exhaustion.) \n \n \n Figure 7: Configuring Rate Limits (This image illustrates the setup of request thresholds for a specific endpoint, ensuring no single client overwhelms the inference service.) \n \n \n Figure 8: Enforced Rate Limit (429 Too Many Requests) (This image demonstrates a client exceeding the above-configured request limit and receiving a 429 response, confirming that F5 Distributed Cloud’s rate limiting is actively maintaining fair resource allocation.) \n 4. Sensitive Data Redaction & Compliance Logging \n What It Does: Identifies and masks personally identifiable information (PII) or other sensitive data—such as credit card numbers, emails, and phone numbers—within model responses. New Sensitive Data Exposure Rules allow you to customize and enforce policies to block or redact sensitive fields dynamically. This ensures compliance with frameworks like HIPAA, GDPR., and other regulatory mandates while capturing detailed logs for auditing. \n \n Figure 9: Adding Sensitive Data Exposure Rules (This image shows how you can add custom rules to detect and control exposure of sensitive fields, such as card-expiration dates, phone numbers, and credit-card details, ensuring model responses comply with organizational security policies.) \n \n \n Figure 10: Sensitive Data Detection Across APIs (Here, sensitive data types—like social-security numbers and phone numbers—are automatically detected across API responses. Built-in and custom rules flag potential exposures, empowering teams to enforce redaction and maintain compliance.) \n \n \n Figure 11: Service Policy for Model Validation (This image shows a service policy in action, blocking an inference request that doesn’t meet defined model validation criteria. Such policies can also be tied to compliance mandates, ensuring non-compliant responses are never returned to clients.) \n \n \n Figure 12: API Compliance & Sensitive Data Detection (Here, sensitive fields like credit-card or phone-number are automatically identified, and associated compliance frameworks (HIPAA, GDPR) are recognized. This empowers you to enforce data redaction, maintain regulatory compliance, and produce audit-ready logs without revealing sensitive details.) \n 5. Centralized Observability & Continuous Policy Updates \n What It Does: Offers dashboards and analytics tools to monitor request volumes, latency, errors, and compliance metrics across your AI inference endpoints. Security teams can leverage these observations to continuously refine their policies, enhance schema validations, and recalibrate rate limits as threats evolve or model usage grows. \n \n Figure 13: Endpoint-Level Metrics Dashboard (This example shows an LLM endpoint /api/generate with available metrics including error rate, latency, request rate, request size, response size, and throughput. By monitoring these trends, teams can quickly identify performance bottlenecks, detect anomalies, and apply targeted policy changes to maintain optimal efficiency and security.) \n The Outcome: Secure, Compliant, and Performant LLM Serving \n By combining Red Hat OpenShift AI on ROSA with F5 Distributed Cloud, organizations can: \n \n Confidently serve multiple LLMs at scale, handling diverse use cases and workloads. \n Securely expose inference endpoints, ensuring that requests from external clients are validated, sanitized, and protected against prompt injection, unauthorized access, or excessive traffic. \n Maintain compliance and privacy, redacting sensitive data and logging requests for auditing and reporting purposes. \n Continuously adapt to evolving threats, leveraging real-time observability and agile policy management for persistent security improvements. \n \n This powerful combination enables generative AI models to be woven into complex enterprise workflows—such as insurance claims processing—without sacrificing trust, governance, or user satisfaction. \n Conclusion \n Red Hat OpenShift AI on ROSA, bolstered by F5 Distributed Cloud API Security, provides a robust, scalable, and secure foundation for running generative AI workloads in production. Together, they address the nuanced security challenges of exposing LLM inference endpoints to external clients. \n Whether you are working with a single LLM or managing a portfolio of models like OLLAMA’s Mistral, Phi3, and TinyLlama, this combination ensures that your users—connecting from anywhere—can trust the quality, security, and compliance of the AI services they rely on. ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"16330","kudosSumWeight":5,"repliesCount":4,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzNTMtTXJvZ2o4?revision=60\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wy","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzNTMtOE9BVFdX?revision=60\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wz","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzNTMtWDZYT0JG?revision=60\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w0","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzNTMtZGV6OEJ4?revision=60\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w1","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzNTMtd0t4N0FC?revision=60\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w2","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzNTMtdGZMc1lQ?revision=60\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w3","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzNTMtb3lGSkxH?revision=60\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w4","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzNTMteHpyb0kx?revision=60\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w5","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzNTMtYUVPSVJS?revision=60\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxMA","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzNTMtY1NqeDJj?revision=60\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxMQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzNTMtTjAxZG1E?revision=60\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxMg","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzNTMteWRUcTVk?revision=60\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxMw","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzgzNTMtQzBuYmhU?revision=60\"}"}}],"totalCount":13,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:338825":{"__typename":"Conversation","id":"conversation:338825","topic":{"__typename":"TkbTopicMessage","uid":338825},"lastPostingActivityTime":"2025-01-02T05:30:00.034-08:00","solved":false},"User:user:419633":{"__typename":"User","uid":419633,"login":"Koichi","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS00MTk2MzMtMjUxMTJpODRENkE1RkUxRjBDNkI2QQ"},"id":"user:419633"},"TkbTopicMessage:message:338825":{"__typename":"TkbTopicMessage","subject":"AI Security - LLM-DOS, and predictions of 2025 and beyond","conversation":{"__ref":"Conversation:conversation:338825"},"id":"message:338825","revisionNum":4,"uid":338825,"depth":0,"board":{"__ref":"Tkb:board:TechnicalArticles"},"author":{"__ref":"User:user:419633"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":"","introduction":"","metrics":{"__typename":"MessageMetrics","views":112},"postTime":"2025-01-02T05:30:00.034-08:00","lastPublishTime":"2025-01-02T05:30:00.034-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Introduction \n Hello again, this article is part of AI security series. I have been discussing AI security along with the OWASP LLM top10. \n LLM01 and LLM02 were discussed in the \"AI Security : Prompt Injection and Insecure Output Handling\", and LLM03 and its basic concepts were discussed in the \"Using ChatGPT for security and introduction of AI security\". In this article, I am going to discuss LLM04. And, since we are almost at the end of the year 2024, I would like to present some discussions and predictions for AI security in 2025 and beyond. \n LLM04: Model Denial of Service \n LLM04 is relatively easy to understand for security engineers who is familiar with conventional cyber attack methods. Denial of Service (DoS) is a common method of cyber attack, in which a large amount of data is given to the server to make it unable to provide services and/or crash. DoS attacks usually aim to exhaust computational resources and block services rather than stealing data, but the disruption they cause can be used as a smokescreen for more malicious activities, such as data breaches or malware installation. \n DOS attack against LLM (LLM-DOS) is same. It aims to exhaust computational resources of DOS (like CPU/GPU usage) and block services (like responding to chat). LLM-DOS can be done in two ways. One is a simple LLM-DOS attack which is to mass input against the LLM's input, similar to a DOS attack against a server. This method, as described in this article, can deplete the LLM's resources, like CPU/GPU usages. If you call this as a simple DoS attack, in such a scenario would be to instruct the model to keep repeating Hello, but we see that relying only on natural instructions limits the output length, which is limited by the maximum length of the LLM's Supervised Fine-Tuning (SFT) data \n The another method of LLM-DOS is to include code in the input that over-consumes resources. Denial-of-Service Poisoning Attacks on Large Language Models is discussing this. In the paper, this is called as a poisoning-based DoS (P-DoS) attack and it demonstrates that the output length limit can be broken by injecting a single poisoning sample designed for DoS purposes. Experiments reveal that an attacker can easily compromise models such as GPT-4o and GPT-4o mini by injecting a single poisoning sample through the OpenAI API at a minimal cost of less than $1. \n To understand this, it is easier to think about simple programming - for example, if you put an inescapable loop statement in your code, it can hang the computer (in fact, the IDE will warn you before it compiles). And if the network does not have a Spanning Tree Protocol, it will loop and hang the router. So same things happens on prompt injection. \n When using this idea LLLM-DOS, we must consider that such input should be blacklisted, so the simple way of using inescapable loop is impossible. Also, even if it is possible against WhiteBox, but we do not know what kind of attack is possible in BlackBox. However, according to \"Crabs: Consuming Resource via Auto-generation for LLM-DoS Attack under Black-box Settings\", a Prompt input to the BlackBox can generate multiple sub-prompts (e.g., 25 sub-prompts). Its experiments show that the delay could be increased by a factor of 250. \n Given these serious safety concerns, researchers advocate further research aimed at defending against LLM-DoS threats in custom fine tuning of aligned LLMs. \n What will happen in 2025 and beyond? \n Some news site predicts an intensifying AI arms race in coming year. I would like to share an article on AI security predictions for the coming year and beyond. According to an article by EG Secure solutions, the generative AI makes it possible to create a malware without specialized skills, that makes easier to do cyber attacks. Thus, the article predicted that cyber attacks by malware created by generative AI would increase. The article also points out that LLM-generated applications such as RAGs are being used, but their code may contain vulnerabilities, and that will be another threat in 2025 and beyond. \n McAfee has released \"McAfee Unveils 2025 Cybersecurity Predictions: AI-Powered Scams and Emerging Digital Threats Take Center Stage\". According to the article, cyber attacks by malicious attackers will be highly optimized by generative AI, and the quality of DeepFake and AI-generated images/videos will increase, making it difficult to determine whether they are created by humans or generative AI. Thus it is expected that fake emails generated by generative AI, such as phishing emails, will also become harder to distinguish from real emails. Furthermore, the article points out that malware which is using (maybe created by) generative AI will become more sophisticated, thereby breaking through conventional security defense systems and may succeed to extracting personal information and sensitive data. \n Finally, the \"Infosec experts divided on AI's potential to assist red teams\" discusses the pros and cons of using generative AI for red teaming, one type of security audit. According to the article, the benefit of using generative AI is that it accelerates threat detection by allowing AI to scour multiple data feeds, applications, and other sources of performance data and run them as part of a larger automated workflow. On the other hand, the article also argues that using generative AI for red teaming is still limited, because the vulnerability discovery process by AI is a black box so the pen-tester cannot explain how they discovered to their clients. ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"5587","kudosSumWeight":1,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:288979":{"__typename":"Conversation","id":"conversation:288979","topic":{"__typename":"TkbTopicMessage","uid":288979},"lastPostingActivityTime":"2025-01-01T03:39:09.901-08:00","solved":false},"User:user:172166":{"__typename":"User","uid":172166,"login":"Lucas_Thompson","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS0xNzIxNjYtckp1WGNn?image-coordinates=0%2C0%2C512%2C512"},"id":"user:172166"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktODEzMGlGNDJCQTQyQjcxRTU5NzAx?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktODEzMGlGNDJCQTQyQjcxRTU5NzAx?revision=2","title":"0151T000003lmAhQAI.png","associationType":"BODY","width":403,"height":274,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktMTI5OTNpRDY5MkEwQ0MzQkE4QTRFQQ?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktMTI5OTNpRDY5MkEwQ0MzQkE4QTRFQQ?revision=2","title":"0151T000003lmAmQAI.png","associationType":"BODY","width":508,"height":270,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktNDI4MGlEOEVBQkRERkFEQzc3NDE2?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktNDI4MGlEOEVBQkRERkFEQzc3NDE2?revision=2","title":"0151T000003lmAJQAY.png","associationType":"BODY","width":362,"height":277,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktMTI1NzVpREVGNDI1ODIwRUE4Q0M4Mw?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktMTI1NzVpREVGNDI1ODIwRUE4Q0M4Mw?revision=2","title":"0151T000003lmAnQAI.png","associationType":"BODY","width":462,"height":254,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktMTg5MGkyMjZEMkE2QUU0RjNBNEUw?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktMTg5MGkyMjZEMkE2QUU0RjNBNEUw?revision=2","title":"0151T000003lmArQAI.png","associationType":"BODY","width":877,"height":602,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktMTU0ODlpNjE5QTJBOTk2MTcwNDhBMg?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktMTU0ODlpNjE5QTJBOTk2MTcwNDhBMg?revision=2","title":"0151T000003lmAsQAI.png","associationType":"BODY","width":436,"height":325,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktMTA2NDBpQTFBNjA3OTkxMkQ2MUMwOQ?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktMTA2NDBpQTFBNjA3OTkxMkQ2MUMwOQ?revision=2","title":"0151T000003lmAwQAI.png","associationType":"BODY","width":403,"height":234,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktNzg2NGkwRUIyRTdBODJCMUNDODAy?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktNzg2NGkwRUIyRTdBODJCMUNDODAy?revision=2","title":"0151T000003lmAKQAY.png","associationType":"BODY","width":794,"height":279,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktNTYwNmlCQzMwNDgzMUI1MTA3MjJG?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktNTYwNmlCQzMwNDgzMUI1MTA3MjJG?revision=2","title":"0151T000003lmALQAY.png","associationType":"BODY","width":1253,"height":399,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktMjAyNWkwM0RCNjkzMDI5OEE3ODU2?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktMjAyNWkwM0RCNjkzMDI5OEE3ODU2?revision=2","title":"0151T000003lmAxQAI.png","associationType":"BODY","width":1228,"height":140,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktMjk1MGlDMDREODE0ODMxMURCQjRE?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktMjk1MGlDMDREODE0ODMxMURCQjRE?revision=2","title":"0151T000003lmAMQAY.png","associationType":"BODY","width":196,"height":109,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktOTEzNmk0QjNFNTRCMEY1NkZCMTM3?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktOTEzNmk0QjNFNTRCMEY1NkZCMTM3?revision=2","title":"0151T000003lmB1QAI.png","associationType":"BODY","width":148,"height":108,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktNzc0N2kyQzE2RjgzN0U1RDFDRjFD?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktNzc0N2kyQzE2RjgzN0U1RDFDRjFD?revision=2","title":"0151T000003lmB2QAI.png","associationType":"BODY","width":176,"height":70,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktNDk4aTQ1QjhCMkMzQUQ3NEJGNkU?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktNDk4aTQ1QjhCMkMzQUQ3NEJGNkU?revision=2","title":"0151T000003lmAtQAI.png","associationType":"BODY","width":451,"height":242,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktODIxMmk0MDEyNTQ2RURCNEQ4OTRF?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktODIxMmk0MDEyNTQ2RURCNEQ4OTRF?revision=2","title":"0151T000003lmAuQAI.png","associationType":"BODY","width":1219,"height":169,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktMjgxMGkyQUM5NjI5ODFFNjNGM0Y4?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktMjgxMGkyQUM5NjI5ODFFNjNGM0Y4?revision=2","title":"0EM1T000002Kz1m.jpg","associationType":"BODY","width":2226,"height":380,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktNTk0Nmk3NEFGM0YwQzkzNkY0NEUy?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktNTk0Nmk3NEFGM0YwQzkzNkY0NEUy?revision=2","title":"0151T000003lmAoQAI.png","associationType":"BODY","width":1361,"height":535,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktMTA5MDdpMEI1NEVDMjhDNURCREY5RQ?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktMTA5MDdpMEI1NEVDMjhDNURCREY5RQ?revision=2","title":"0151T000003lmB3QAI.png","associationType":"BODY","width":567,"height":406,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktNzMxMmkwNkRFNUY1OTFGRjM3MUQ1?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktNzMxMmkwNkRFNUY1OTFGRjM3MUQ1?revision=2","title":"0151T000003lmAvQAI.png","associationType":"BODY","width":356,"height":290,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktNzk1aTdEODQ3NTNBNkY5ODc3RjU?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktNzk1aTdEODQ3NTNBNkY5ODc3RjU?revision=2","title":"0151T000003lmBLQAY.png","associationType":"BODY","width":1165,"height":336,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktMTI0MjlpRjg2MjU1NjVDNURFNDg2MQ?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktMTI0MjlpRjg2MjU1NjVDNURFNDg2MQ?revision=2","title":"0151T000003lmB6QAI.png","associationType":"BODY","width":528,"height":253,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktMTU5OTBpQjQxNEVCMjRGMjUzODZGQw?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktMTU5OTBpQjQxNEVCMjRGMjUzODZGQw?revision=2","title":"0151T000003lmAyQAI.png","associationType":"BODY","width":432,"height":252,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktNzExMmk0QUY3NzFEOUFERjlBRkVD?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktNzExMmk0QUY3NzFEOUFERjlBRkVD?revision=2","title":"0151T000003lmApQAI.png","associationType":"BODY","width":455,"height":238,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktMTA2NzRpQUVENDdBOUE2MUQ4NUZCRg?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktMTA2NzRpQUVENDdBOUE2MUQ4NUZCRg?revision=2","title":"0151T000003lmAqQAI.png","associationType":"BODY","width":439,"height":283,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktMTMzNDNpNTNCN0FFMEU3MEJGRTM2Nw?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktMTMzNDNpNTNCN0FFMEU3MEJGRTM2Nw?revision=2","title":"0151T000003lmAzQAI.png","associationType":"BODY","width":465,"height":256,"altText":null},"TkbTopicMessage:message:288979":{"__typename":"TkbTopicMessage","subject":"APM Advanced Customization Examples with Modern Template, v15.1+","conversation":{"__ref":"Conversation:conversation:288979"},"id":"message:288979","revisionNum":2,"uid":288979,"depth":0,"board":{"__ref":"Tkb:board:TechnicalArticles"},"author":{"__ref":"User:user:172166"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":"","introduction":"","metrics":{"__typename":"MessageMetrics","views":14373},"postTime":"2020-03-31T13:25:33.000-07:00","lastPublishTime":"2022-02-09T10:07:14.626-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Introduction \n This guide will walk through how the logon, webtop, and other UI pages are created by APM, how it works, and some examples.The new APM modern template has an updated look in both mobile and desktop browsers. It uses the popular Preact framework to provide a consistent and familiar end user experience. \n \n \n How to activate the new customization system \n New policies created in 15.1 and later default to the new Modern template. Existing policies made before 15.1 continue to use the Standard template. \n When creating a new access policy: \n \n \n You can see the customization types applied to all access policies in the Per-Session access policy menu: \n Customization Sections \n Basic, General, and Advanced Customization \n APM has different ways to customize, depending on the desired complexity. Some administrators simply want to change colors, while others would prefer to completely rewrite the APM user-facing HTML and CSS so they have similar branding to other corporate web properties. As is typical with CSS, style customizations can be applied simultaneously with later style changes overriding earlier ones. \n \n \n Basic Customization \n Simple customization settings such as images, titles, captions, and colors are applied to resources and policies using Basic Customization. The tables and screenshot below detail the settings. \n \n \n Elements in Basic Customization \n Header/Footer/Title \n \n Header Image for Desktop (Max height: 60px) \n Header Image for Mobile (Max height: 30px) \n \n Layout Settings \n \n Maximum viewport width for applying small (mobile) screen styles (px) \n Browser width for mobile clients \n Minimum viewport width for applying large (desktop) screen styles (px) \n Browser width for desktop clients \n \n Colors (see image for sections) \n \n Active Links and Buttons Color \n Footer Background Color \n Form Background Color \n Header Color \n Page Background Color \n Solid Button Text Color \n Text Color \n Top Strip Color \n \n General Customization \n General Customization offers a more advanced tree view of the Basic Customization settings as well as text options for user-facing messages. Like Basic customization, the settings are applied individually to each access policy and policy item via the item’s XML file specified in the cache-path parameter of the associated customization group configuration object. \n To use General Customization \n \n Create the policies and/or resources you would like to customize. \n Find them in the tree view. \n Make the changes. \n Perform the standard 3-step save process: Save Draft, Save, then Apply the access policy. \n \n \n \n You use General Customization to apply changes to the informational text strings and error messages that are displayed to users. Browse the configuration tree to see the available customization areas. \n The settings are divided into Branding and Text. Text are the localized messages that are displayed to the end users, including associated HTML. User-facing status and text messages can be selected in the Text tab. Branding options are about page styling, colors, fonts, and the like. These are selected in the Branding tab. \n Special General Options \n APM customization has a few non-branding and non-text special options in the configuration tree. \n Disable all external scripts and styles \n The new Modern customization includes a new resource loader feature. This feature loads all added CSS and JS resources dynamically, including 3 rd party external code. You use this option like a “Revert” to restore the default branding in case there is some unknown trouble. If enabled, it disables loading of all external CSS and JS, including the APM-hosted user-XXXX.js and user-XXXX.css files. \n \n \n External Javascript / CSS \n You can now easily add external javascript references, for libraries such as JQuery that you would like your users to load from an external CDN. Historically this would present a security problem because the CDN content may be vulnerable to malicious injection. APM uses the W3C subresource integrity feature(https://www.w3.org/TR/SRI/) mechanism to ensure that the external files are not tampered. \n You can also specify external scripts manually in user-XXXX.js, but using the inbuilt APM script-loader mechanism allows us to trap loading errors and disable all external scripts globally, in case of any problems (see the previous section). \n To use this feature: \n \n Find the checksum* and URL of your resource. jQuery makes this very simple: It’s directly on their CDN page. Alternatively, you can compute them using srihash.org. \n Place the values into External Scripts / Styles. \n Save, Apply the access policy, and visit the access policy virtual. \n \n *Note*: APM’s end-user pages are built using Preact with built-in libraries, so don't load another copy of Preact using this mechanism. See the Advanced Examples section below for usage ideas. \n If the checksum is incorrect the stock APM javascript will function correctly, but the external resource will not be loaded and the browser will produce a “Failed to find a valid digest in the integrity attribute for resource ‘xxxxxx’” error in the console similar to this screenshot: \n \n * Supported checksum mechanisms are SHA-256, SHA-384, or SHA-512. \n Advanced Customization \n Use Advanced Customization to edit or place code directly into the files that are referenced from the primary APM user-facing HTML. Common settings are available which load on all pages, along with separate CSS and JS for each policy item that is present in the policy. Generally, the CSS/JS for each policy item load after the common settings so later settings will override earlier ones. \n You must first add policy items to customize before customizing them. This is a customization tree view before and after adding Logon Page to access policy: \n Before After \n Operation of Advanced Customization \n With Advanced Customization, you can do essentially any styling you want using standard CSS. Advanced Customization has some common settings, agent settings, and some special settings. After making any change, Save Draft, then Save., then Apply the access policy. \n \n Common settings \n These two files (user-common.css and user-common.js) are loaded on all* APM user-facing pages, including policy evaluation (logon, message, etc), webtop, and logout. \n Use these if you want to change a page style in all areas. For example, perhaps we always want to hide the header and footer and add a background image. To do that, we can simply add some CSS to user-common.css to set a few properties targeting the apmui-header, apmui-main, and apmui-footer CSS selectors. \n Example: logon page customization \n \n Hide header and footer, and add a picture: \n \n *Note*: You should usually make logon-specific changes on the logon page rather than “common”, since the webtop places some GUI links in apmui-header. Hiding the header removes access to these links! \n You can use user-common.js to load a tracker such as Google Analytics. \n Example: Google Analytics \n \n Customization Types \n There are two broad categories for the customization of APM objects: \n Resources are Assigned during per-session access policy execution. They include customizable icons, captions, and descriptions that are visible on the APM full webtop (sometimes called a portal). \n \n OAuth Client App \n OAuth Scope \n App Tunnel \n Network Access \n Remote Desktop \n SAML \n Web App (Portal Access) \n Webtop Link \n Webtop Section \n \n Non-Resources each have different configuration properties \n \n General \n Framework Installation \n EPS \n Logout (Ending Denied) \n Error message \n Decision Box \n Confirm/Continue \n Ending Denied \n Message Box \n Oauth Authz \n Webtop \n \n Screenshots \n *Example*: Simple resource customization of a webtop link resource \n \n End-User view from APM webtop: \n \n \n Troubleshooting Tips: Configuration Structure \n Resource customization settings, text strings, and image files are stored as interdependent configuration and file objects. When troubleshooting, check the following configuration areas. \n This diagram represents the dependencies: \n \n \n This table represents the item details, and troubleshooting tips: \n NOTE: To create resource customization using scripting or automation, they must be created all at once using a TMSH transaction rather than individually because of the interdependency between resources, profiles, policies, policy items, agents, and customization groups. To get started, use the GUI to create a policy you like, then review the configuration objects defined in tmsh list apm. The objects inter-referred-to must be copied into a transaction. equivalent create apm xxxx commands inside of a transaction. For detail on transactions with APM policies, see \n tmsh help apm policy access-policy\n tmsh help cli transaction\n \n HTML Rendering Details \n Access profiles, Per Request Policies and other objects (customized independently from an access profile) share similar syntax and structure. Each object has customization settings. Access Profiles have multiple groups of customization settings. Every time you change customization, it generates a set of files that are combined to form the user-displayed page. \n Settings (color, font, text, and so on) for the header and footer can be defined in access profile customization. Settings for the location and alignment of the content area can also be defined in access profile customization. Settings for resources displayed in the APM Webtop can be defined in the resource's configuration area (see payroll example above). \n APM Sandbox / Image Hosting \n To place images or other files in APM for convenient access by end users, use the Hosted Content feature. \n \n On a BIG-IP system, on the Main tab, click Access > Webtops > Hosted Content > Manage Files. \n Upload an image file. \n Click Upload >> Manage Access, and make sure the checkbox for your access policy attached to the virtual server is selected. \n Access the file at the location indicated in the Publicly Accessible URI column. \n \n General Examples \n Execute external javascript code after Logon Page browser rendering is complete. \n This example can be placed into user-logon.js to use the D3 library to display a small pop-up message. Additional code can be inserted for custom functions. \n define([\"require\", \"exports\", \"tslib\", \"module\", \"apmui/page/logon/View\"], function (require, exports, tslib_1, module, View_1) {\n \"use strict\";\n Object.defineProperty(exports, \"__esModule\", { value: true });\n requirejs.config({\n map: {\n 'apmui/master/View': {\n 'apmui/page/logon/View': module.id,\n },\n },\n });\n /* Replacement View component */\n var CustomLogonView = /** @class */ (function (_super) {\n tslib_1.__extends(CustomLogonView, _super);\n function CustomLogonView() {\n return _super !== null && _super.apply(this, arguments) || this;\n }\n CustomLogonView.prototype.componentDidMount = function () {\n _super.prototype.componentDidMount.call(this);\n requirejs(['https://d3js.org/d3.v6.min.js'], function (d3) {\n \n // Place your code inside this function\n \n d3.select(\"form\").append(\"span\")\n .text(\"Hello from D3 library\"); \n });\n };\n return CustomLogonView;\n }(View_1.default));\n exports.default = CustomLogonView;\n});\n\n \n Execute local javascript code inside Logon Page. \n This example can be placed into user-logon.js to perform custom actions. \n define([\"require\", \"exports\", \"tslib\", \"module\", \"apmui/page/logon/View\"], function (require, exports, tslib_1, module, View_1) {\n \"use strict\";\n Object.defineProperty(exports, \"__esModule\", { value: true });\n requirejs.config({\n map: {\n 'apmui/master/View': {\n 'apmui/page/logon/View': module.id,\n },\n },\n });\n /* Replacement View component */\n var CustomLogonView = /** @class */ (function (_super) {\n tslib_1.__extends(CustomLogonView, _super);\n function CustomLogonView() {\n return _super !== null && _super.apply(this, arguments) || this;\n }\n CustomLogonView.prototype.componentDidMount = function () {\n _super.prototype.componentDidMount.call(this);\n\n alert('PLACE CUSTOM CODE HERE');\n\n };\n return CustomLogonView;\n }(View_1.default));\n exports.default = CustomLogonView;\n});\n \n Advanced Examples \n These use TypeScript and preact You should be familiar with these technologies and their usage. To use these examples, you need a standard TypeScript/NodeJS+NPM build environment. This can be most easily achieved by using Linux, Microsoft Windows Subsystem for Linux (WSL), or Mac, then installing NodeJS which includes NPM. \n The examples are attached to this article as a ZIP archive. Download and decompress this file to a suitable location on your workstation. \n Read README.md from the package. Each example here assumes you have already downloaded the package and run npm install; npm run build. The compilation result is placed in the dist directory. For each one of the examples, you simply copy the user-xxxx.css and user-xxxx.js files into the correct object in Advanced Customization. \n \n To make changes to these examples, modify the files in src, then npm run build, as specified in README.md. \n Example 1: Decision box with more options \n By default, the APM Decision Box has only two choices. \n \n We can use this advanced customization example to append additional choices. Follow this procedure: \n \n Add a decision box to your access policy. \n Navigate to customization-examples/dist/decisionBox-more-options and copy the contents of user-decision.js to the appropriate area in Advanced Customization. \n \n Click Save Draft, Save, and apply the access policy. \n As a user, navigate to the decision box on the APM virtual server. \n \n Now the decision box has 4 options rather than two. \n The option and icon detail are in the example user-decision.ts source file: \n \n \n The result: value is the raw POST data, which is transferred from the client browser when the my.policy page is submitted. It must match an agent expression in the branch rules defined for the decision box object. As with all other agents, the branch rules must be defined in the policy-item configuration so that the additional branches are available in the VPE for use: \n \n Once these additional branch rules are defined, they can be added to the VPE flow: \n \n When a user makes a choice, it appears in log files thusly: \n \n To host your own icons, you can use the APM sandbox hosting feature, discussed elsewhere in this doc. \n Example 2: Logon box custom component \n This example adds a custom Preact component to the Logon Box. \n \n Add a Logon Page to your access policy, then copy the example dist code into your user-logon.js and user-logon.css files. \n \n Output: \n \n \n \n Example 3: Logon custom view \n This is an example of how to obtain a JSON-formatted dump of data available programmatically. \n Add the code from logon-custom-view to your APM policy files, then visit the APM virtual. You will see JSON data that provides the detailed data available. \n Example 4: PIN Pad replaces standard forms logon page \n This is an example of an alternative method of rendering a standard forms logon page with a polymorphic virtual PIN pad. It uses Preact and CSS to achieve this result. \n Note: A similar result with a virtual keyboard is possible as well, using other modules available via npm. This requires Preact development. \n As with the other examples, compile the TypeScript and place the dist’s user-logon.css and user-logon.js into the APM’s advanced customization area for your logon agent. The result when visiting this logon page is illustrated in this screenshot: \n \n Example 5: Validation of input fields \n logon-validate-domain contains a sample that has an example of input field validation: \n \n \n The input validation logic can be changed with the following TypeScript: \n \n This kind of validation logic can be extended for almost any purpose. \n Example 6: Pin resource to top of webtop \n Recently-used-resources implements a mechanism that uses local storage to track how many times a resource has been clicked. It also creates a new webtop section that displays most-clicked-on resources. You must have a full webtop and multiple resources assigned to the user (any type is fine). \n Use this example like the others: Copy the dist directory files user-webtop.css and user-webtop.js to the advanced customization object and click Save Draft, then Save, and apply the access policy. Note that you may have to clear BIG-IP or browser cache to see the update. \n Take a few minutes to examine the browser's Local Storage contents while clicking various favorites assigned to the user. \n \n Example 7: Pin resources on full webtop \n Most application portals offer some kind of system to save often-used resources at the top of the list. This example uses HTML5 Browser Local Storage to save the user’s resources and render them at the top of the webtop application portal. You must assign a full webtop and multiple resources to the user. \n Use this example like the others: Copy the dist directory files user-webtop.css and user-webtop.js to the advanced customization object and click Save Draft, then Save, and apply the access policy. Note that you may have to clear BIG-IP or browser cache to see the update. \n \n Afterwards, logon as a user to the webtop and click the corner pin icon to add the resource to Pinned Resources. \n \n Try to log out and back in and see that the resource(s) are saved. \n Check the browser developer tools to query the local storage contents. \n \n \n Examples Conclusion \n We hope these examples are helpful to performing customization of APM web pages. Please let us know of any further examples that you would like to share! \n Request For Examples \n We have received the following requests for examples and hope to add these soon. Let us know if you can contribute! \n \n Simplest way to add an HTML link and text into the logon page \n Simplest way to add a select box to a logon page \n Example virtual keyboard logon page \n \n Attributions / Licensing / Support Status \n Support Status: \n F5 Support cannot provide assistance with TypeScript, JavaScript, or Preact coding or web development. To validate the operation of any of these examples, standard web development practices should be used. \n F5 code: \n These examples include code produced by F5 intended to showcase the possibilities of the v15.1.0 APM customization system and can be used by any APM customer. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. \n 3 rd Party Code: \n As with most open source software, each module in this example includes a separate license (MIT, CC, etc). Before using any of these in a production environment, please review the licensing requirements for each NPM package in node_modules. \n Media: \n Beach scene used in customization examples: Stones in the Beach By Xavierfsc - Own work, CC BY 4.0, https://commons.wikimedia.org/w/index.php?curid=84430607 \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"21544","kudosSumWeight":6,"repliesCount":27,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktODEzMGlGNDJCQTQyQjcxRTU5NzAx?revision=2\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wy","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktMTI5OTNpRDY5MkEwQ0MzQkE4QTRFQQ?revision=2\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wz","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktNDI4MGlEOEVBQkRERkFEQzc3NDE2?revision=2\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w0","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktMTI1NzVpREVGNDI1ODIwRUE4Q0M4Mw?revision=2\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w1","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktMTg5MGkyMjZEMkE2QUU0RjNBNEUw?revision=2\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w2","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktMTU0ODlpNjE5QTJBOTk2MTcwNDhBMg?revision=2\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w3","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktMTA2NDBpQTFBNjA3OTkxMkQ2MUMwOQ?revision=2\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w4","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktNzg2NGkwRUIyRTdBODJCMUNDODAy?revision=2\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w5","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktNTYwNmlCQzMwNDgzMUI1MTA3MjJG?revision=2\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxMA","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktMjAyNWkwM0RCNjkzMDI5OEE3ODU2?revision=2\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxMQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktMjk1MGlDMDREODE0ODMxMURCQjRE?revision=2\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxMg","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktOTEzNmk0QjNFNTRCMEY1NkZCMTM3?revision=2\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxMw","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktNzc0N2kyQzE2RjgzN0U1RDFDRjFD?revision=2\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxNA","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktNDk4aTQ1QjhCMkMzQUQ3NEJGNkU?revision=2\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxNQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktODIxMmk0MDEyNTQ2RURCNEQ4OTRF?revision=2\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxNg","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktMjgxMGkyQUM5NjI5ODFFNjNGM0Y4?revision=2\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxNw","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktNTk0Nmk3NEFGM0YwQzkzNkY0NEUy?revision=2\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxOA","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktMTA5MDdpMEI1NEVDMjhDNURCREY5RQ?revision=2\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxOQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktNzMxMmkwNkRFNUY1OTFGRjM3MUQ1?revision=2\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wyMA","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktNzk1aTdEODQ3NTNBNkY5ODc3RjU?revision=2\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wyMQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktMTI0MjlpRjg2MjU1NjVDNURFNDg2MQ?revision=2\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wyMg","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktMTU5OTBpQjQxNEVCMjRGMjUzODZGQw?revision=2\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wyMw","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktNzExMmk0QUY3NzFEOUFERjlBRkVD?revision=2\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wyNA","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktMTA2NzRpQUVENDdBOUE2MUQ4NUZCRg?revision=2\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wyNQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yODg5NzktMTMzNDNpNTNCN0FFMEU3MEJGRTM2Nw?revision=2\"}"}}],"totalCount":36,"pageInfo":{"__typename":"PageInfo","hasNextPage":true,"endCursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wyNQ","hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"CachedAsset:text:en_US-components/customComponent/CustomComponent-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/customComponent/CustomComponent-1728320186000","value":{"errorMessage":"Error rendering component id: {customComponentId}","bannerTitle":"Video provider requires cookies to play the video. Accept to continue or {url} it directly on the provider's site.","buttonTitle":"Accept","urlText":"watch"},"localOverride":false},"CachedAsset:text:en_US-components/community/Navbar-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/community/Navbar-1728320186000","value":{"community":"Community Home","inbox":"Inbox","manageContent":"Manage Content","tos":"Terms of Service","forgotPassword":"Forgot Password","themeEditor":"Theme Editor","edit":"Edit Navigation Bar","skipContent":"Skip to content","migrated-link-9":"Groups","migrated-link-7":"Technical Articles","migrated-link-8":"DevCentral News","migrated-link-1":"Technical Forum","migrated-link-10":"Community Groups","migrated-link-2":"Water Cooler","migrated-link-11":"F5 Groups","migrated-link-0":"Forums","article-series":"Article Series","migrated-link-5":"Community Articles","migrated-link-6":"Articles","security-insights":"Security Insights","migrated-link-3":"CrowdSRC","migrated-link-4":"CodeShare","migrated-link-12":"Events","migrated-link-13":"Suggestions"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarHamburgerDropdown-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarHamburgerDropdown-1728320186000","value":{"hamburgerLabel":"Side Menu"},"localOverride":false},"CachedAsset:text:en_US-components/community/BrandLogo-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/community/BrandLogo-1728320186000","value":{"logoAlt":"Khoros","themeLogoAlt":"Brand Logo"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarTextLinks-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarTextLinks-1728320186000","value":{"more":"More"},"localOverride":false},"CachedAsset:text:en_US-components/authentication/AuthenticationLink-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/authentication/AuthenticationLink-1728320186000","value":{"title.login":"Sign In","title.registration":"Register","title.forgotPassword":"Forgot Password","title.multiAuthLogin":"Sign In"},"localOverride":false},"CachedAsset:text:en_US-components/nodes/NodeLink-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/nodes/NodeLink-1728320186000","value":{"place":"Place {name}"},"localOverride":false},"CachedAsset:text:en_US-components/tags/TagSubscriptionAction-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/tags/TagSubscriptionAction-1728320186000","value":{"success.follow.title":"Following Tag","success.unfollow.title":"Unfollowed Tag","success.follow.message.followAcrossCommunity":"You will be notified when this tag is used anywhere across the communtiy","success.unfollowtag.message":"You will no longer be notified when this tag is used anywhere in this place","success.unfollowtagAcrossCommunity.message":"You will no longer be notified when this tag is used anywhere across the community","unexpected.error.title":"Error - Action Failed","unexpected.error.message":"An unidentified problem occurred during the action you took. Please try again later.","buttonTitle":"{isSubscribed, select, true {Unfollow} false {Follow} other{}}","unfollow":"Unfollow"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageListTabs-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageListTabs-1728320186000","value":{"mostKudoed":"{value, select, IDEA {Most Votes} other {Most Likes}}","mostReplies":"Most Replies","mostViewed":"Most Viewed","newest":"{value, select, IDEA {Newest Ideas} OCCASION {Newest Events} other {Newest Topics}}","newestOccasions":"Newest Events","mostRecent":"Most Recent","noReplies":"No Replies Yet","noSolutions":"No Solutions Yet","solutions":"Solutions","mostRecentUserContent":"Most Recent","trending":"Trending","draft":"Drafts","spam":"Spam","abuse":"Abuse","moderation":"Moderation","tags":"Tags","PAST":"Past","UPCOMING":"Upcoming","sortBymostRecent":"Sort By Most Recent","sortBymostRecentUserContent":"Sort By Most Recent","sortBymostKudoed":"Sort By Most Likes","sortBymostReplies":"Sort By Most Replies","sortBymostViewed":"Sort By Most Viewed","sortBynewest":"Sort By Newest Topics","sortBynewestOccasions":"Sort By Newest Events","otherTabs":" Messages list in the {tab} for {conversationStyle}","guides":"Guides","archives":"Archives"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/QueryHandler-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/QueryHandler-1728320186000","value":{"title":"Query Handler"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarDropdownToggle-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarDropdownToggle-1728320186000","value":{"ariaLabelClosed":"Press the down arrow to open the menu"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/OverflowNav-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/OverflowNav-1728320186000","value":{"toggleText":"More"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageView/MessageViewInline-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageView/MessageViewInline-1728320186000","value":{"bylineAuthor":"{bylineAuthor}","bylineBoard":"{bylineBoard}","anonymous":"Anonymous","place":"Place {bylineBoard}","gotoParent":"Go to parent {name}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Pager/PagerLoadMore-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Pager/PagerLoadMore-1728320186000","value":{"loadMore":"Show More"},"localOverride":false},"CachedAsset:text:en_US-components/users/UserLink-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/users/UserLink-1728320186000","value":{"authorName":"View Profile: {author}","anonymous":"Anonymous"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageSubject-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageSubject-1728320186000","value":{"noSubject":"(no subject)"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageBody-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageBody-1728320186000","value":{"showMessageBody":"Show More","mentionsErrorTitle":"{mentionsType, select, board {Board} user {User} message {Message} other {}} No Longer Available","mentionsErrorMessage":"The {mentionsType} you are trying to view has been removed from the community.","videoProcessing":"Video is being processed. Please try again in a few minutes.","bannerTitle":"Video provider requires cookies to play the video. Accept to continue or {url} it directly on the provider's site.","buttonTitle":"Accept","urlText":"watch"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageTime-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageTime-1728320186000","value":{"postTime":"Published: {time}","lastPublishTime":"Last Update: {time}","conversation.lastPostingActivityTime":"Last posting activity time: {time}","conversation.lastPostTime":"Last post time: {time}","moderationData.rejectTime":"Rejected time: {time}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/nodes/NodeIcon-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/nodes/NodeIcon-1728320186000","value":{"contentType":"Content Type {style, select, FORUM {Forum} BLOG {Blog} TKB {Knowledge Base} IDEA {Ideas} OCCASION {Events} other {}} icon"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageUnreadCount-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageUnreadCount-1728320186000","value":{"unread":"{count} unread","comments":"{count, plural, one { unread comment} other{ unread comments}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageViewCount-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageViewCount-1728320186000","value":{"textTitle":"{count, plural,one {View} other{Views}}","views":"{count, plural, one{View} other{Views}}"},"localOverride":false},"CachedAsset:text:en_US-components/kudos/KudosCount-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/kudos/KudosCount-1728320186000","value":{"textTitle":"{count, plural,one {{messageType, select, IDEA{Vote} other{Like}}} other{{messageType, select, IDEA{Votes} other{Likes}}}}","likes":"{count, plural, one{like} other{likes}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageRepliesCount-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageRepliesCount-1728320186000","value":{"textTitle":"{count, plural,one {{conversationStyle, select, IDEA{Comment} OCCASION{Comment} other{Reply}}} other{{conversationStyle, select, IDEA{Comments} OCCASION{Comments} other{Replies}}}}","comments":"{count, plural, one{Comment} other{Comments}}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/users/UserAvatar-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/users/UserAvatar-1728320186000","value":{"altText":"{login}'s avatar","altTextGeneric":"User's avatar"},"localOverride":false}}}},"page":"/tags/TagPage/TagPage","query":{"messages.widget.messagelistfornodebyrecentactivitywidget-tab-main-messages-list-for-tag-widget-0":"mostRecent","nodeId":"board:TechnicalArticles","tagName":"security"},"buildId":"OKtI0OLKuXmERTJKBVqYX","runtimeConfig":{"buildInformationVisible":false,"logLevelApp":"info","logLevelMetrics":"info","openTelemetryClientEnabled":false,"openTelemetryConfigName":"f5","openTelemetryServiceVersion":"24.11.0","openTelemetryUniverse":"prod","openTelemetryCollector":"http://localhost:4318","openTelemetryRouteChangeAllowedTime":"5000","apolloDevToolsEnabled":false},"isFallback":false,"isExperimentalCompile":false,"dynamicIds":["./components/customComponent/CustomComponent/CustomComponent.tsx","./components/community/Navbar/NavbarWidget.tsx","./components/community/Breadcrumb/BreadcrumbWidget.tsx","./components/tags/TagsHeaderWidget/TagsHeaderWidget.tsx","./components/messages/MessageListForNodeByRecentActivityWidget/MessageListForNodeByRecentActivityWidget.tsx","./components/tags/TagSubscriptionAction/TagSubscriptionAction.tsx","../shared/client/components/common/List/ListGroup/ListGroup.tsx","./components/messages/MessageView/MessageView.tsx","./components/messages/MessageView/MessageViewInline/MessageViewInline.tsx","../shared/client/components/common/Pager/PagerLoadMore/PagerLoadMore.tsx"],"appGip":true,"scriptLoader":[]}