Last Modified: Mar 30, 2024
Affected Product(s):
F5OS F5OS
Known Affected Versions:
F5OS-A 1.3.1, F5OS-A 1.3.2, F5OS-A 1.4.0
Fixed In:
F5OS-C 1.6.0, F5OS-A 1.5.0
Opened: Feb 13, 2023 Severity: 3-Major
The F5OS webUI allows web crawlers access to all content when the Management IP address is configured to have public internet access.
This impedes the ability to satisfy internal security compliance mandates.
If the Management IP address is configured to have public internet access.
To mitigate the issue, you can manipulate the contents of the robots.txt file inside the webUI container as demonstrated below: $ ssh root@10.238.160.60 root@10.238.160.60's password: [root@appliance-1 ~]# docker exec -it vanquish-gui bash [root@d6303361e100 /]# cd /app/build [root@d6303361e100 build]# echo "User-agent: *" > robots.txt [root@d6303361e100 build]# echo "Disallow: /" >> robots.txt [root@d6303361e100 build]# cat robots.txt User-agent: * Disallow: / [root@d6303361e100 build]# exit exit [root@appliance-1 ~]# exit logout Connection to 10.238.160.60 closed.
Robots.txt now disallows web crawlers access to any content.