Detections
Analytics
F5BI-AP-300156 - The F5 BIG-IP appliance must be configured to restrict a consistent inbound IP for the entire management session.
Information
This security measure helps limit the effects of denial-of-service attacks by employing antisession hijacking security safeguards. Session hijacking, also called cookie hijacking, is the exploitation of a valid computer session to gain unauthorized access to an application. The attacker steals (or hijacks) the cookies from a valid user and attempts to use them for authentication.Solution
From the BIG-IP GUI:1. System.
2. Preferences.
3. Under Security Settings, check "Require A Consistent Inbound IP For The Entire Web Session".
4. Click "Update".
From the BIG-IP Console:
tmsh modify sys httpd auth-pam-validate-ip on
tmsh save sys config
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_F5_BIG-IP_TMOS_Y25M07_STIG.zip
Item Details
Audit Name: DISA F5 BIG-IP TMOS ALG STIG v1r2
Category: SYSTEM AND COMMUNICATIONS PROTECTION
References: 800-53|SC-23, CAT|II, CCI|CCI-001184, Rule-ID|SV-266167r1024399_rule, STIG-ID|F5BI-AP-300156, Vuln-ID|V-266167
Plugin: F5
Control ID: 4801eabb9a51cc050414720bf4e8783b7f405240d2f910bbd4b75e40a9abe52d