Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP ASM
Fixed In:
16.1.0
Opened: Dec 09, 2020 Severity: 2-Critical
Symptoms:
The REST endpoint 'policies/ssrf-disallowed-hosts', used to configure SSRF hosts, offers only the default 'disallow' action. It should also offer the 'allow' and 'resolve' actions.
Impact:
SSRF hosts cannot be configured with the 'allow' or 'resolve' actions through this endpoint, so the feature's functionality is limited from a usability perspective.
Conditions:
- AWAF enabled
- SSRF feature enabled
Workaround:
None
Fix Information:
In the fixed version, the REST endpoint 'policies/ssrf-hosts' provides the 'allow', 'disallow', and 'resolve' options.