2011
06.06

I have recently had the opportunity to work with SSTP VPN inside of Microsoft’s Unified Access Gateway and it has been quite a learning experience to say the least.

I ran into one issue in particular that I want to cover today, where RPC packets were being blocked on all of the client PCs coming in over the SSTP VPN (Secure Socket Tunneling Protocol Virtual Private Network).


2011
05.25

I have been tinkering with using .OSDX files to query SharePoint 2010 to obtain search results lately and wanted to share the template that I have come up with that allows me to do that.

For those not familiar, it is possible to search a SharePoint 2010 web site from your local Windows 7 installation without having to actually go to the web site. You simply search from your built-in search bar in Windows 7.


2011
05.23

Today I would like to discuss HTML parameters and how you can leverage the BIG-IP ASM module to help secure a web site by doing what I call parameter scanning. For this little exercise I will focus on only two parameters, TARGET and user, but the principles I am covering here can be applied to all kinds of parameters.

For those of you who do not have a lot of experience with HTML parameters, you have probably heard them referred to as fields in your web application. For example, many web applications have username and password fields, and these are essentially parameter fields. There are sometimes hidden parameters and dynamic parameters that are not associated with a field on the page, but today I want to discuss the basic ones. I have chosen the TARGET parameter because it is deprecated and it can be used in phishing attacks as a form of “Open Redirect” attack on your web sites. The user parameter was chosen because it is a pretty common parameter/field name and it just seemed to make sense to include it in the discussion.


2011
04.03

I was initially going to title this blog entry “f5 Networks – The Box of Awesomeness Redux”. It just sounded a little too long to me and while I am EXTREMELY gracious regarding the latest Box of Awesomeness I have received from f5 Networks, I think I may be even more excited about being asked to serve as an f5 Networks MVP Member for 2011!

Now some of you may remember that last year’s Box of Awesomeness contained a wide variety of totally awesome gear (hence the name :) ).  This year is certainly no exception as the folks over at DevCentral have outdone themselves yet again!   This year it contained something so fantastic that I almost made the title for this entry “f5 Networks – The Box of Insanity”!  Yes, it is that crazy good folks. But first I have to say….


2010
12.30

F5 Networks ASM contains a very neat feature called Web Scraping Protection that I wanted to cover briefly.   What I would like to highlight is what the feature is and what it does when it is actively doing its job.

This was prompted by the fact that I noticed recently that there is not a lot of documentation available on the web regarding the F5 BIG-IP’s Web Scraping Protection mechanism and almost none regarding what it actually does to the underlying web page code presented to your end users.
