
Q&A: What is an "Illegal Redirection Attempt" WAF Policy violation?

 

Question

  • What does Illegal redirection attempt mean in the Support-ID/s?
  • Why do I have to explicitly allow redirections to domains in the WAF policy?
  • How can Silverline WAF protect against Open redirect attacks?

 

Environment

  • Silverline WAF
  • BIG-IP ASM
  • WAF Policy/Policies

 

Answer

  • An attacker can abuse redirects on a web application to send users to external malicious domains/sub-domains. Unsuspecting users may then give away their personal information.
  • To prevent this, the WAF policy checks each redirection against the allowed domains/sub-domains defined in the policy and permits redirects only to those addresses.
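
The allowed-domain check described above can be sketched as follows. This is an added example, not Silverline or BIG-IP ASM code; the allowlist entries, the "*." wildcard syntax and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist; the "*." wildcard syntax is an assumption of this sketch.
ALLOWED_REDIRECT_DOMAINS = ["www.example.com", "*.cdn.example.com"]


def host_allowed(host, allowed):
    """Match a host against exact names and '*.suffix' entries."""
    host = host.rstrip(".").lower()
    for entry in (e.lower() for e in allowed):
        if entry.startswith("*."):
            suffix = entry[1:]  # ".cdn.example.com": the leading dot keeps the
            # match on a label boundary, so "evilcdn.example.com" does not pass.
            if host.endswith(suffix) and len(host) > len(suffix):
                return True
        elif host == entry:
            return True
    return False


def check_redirect(location, request_host, allowed=ALLOWED_REDIRECT_DOMAINS):
    """Return (ok, reason) for the Location header of a 3xx response."""
    # Normalise the way browsers do: "\" acts as "/", tab/CR/LF are dropped.
    cleaned = location.strip().replace("\\", "/")
    cleaned = "".join(c for c in cleaned if c not in "\t\r\n")
    parts = urlsplit(cleaned)
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return False, "scheme not allowed: " + parts.scheme
    if not parts.netloc:
        # A scheme or leading "//" without a host is ambiguous; refuse it.
        if parts.scheme or cleaned.startswith("//"):
            return False, "malformed absolute URL"
        return True, "relative redirect, stays on " + request_host
    host = parts.hostname or ""  # hostname excludes userinfo and port
    if host == request_host.lower() or host_allowed(host, allowed):
        return True, "allowed domain: " + host
    return False, "illegal redirection attempt: " + host


if __name__ == "__main__":
    # Constructed Location values, as they might appear in 3xx responses.
    samples = [
        "/account/home",
        "https://img.cdn.example.com/logo.png",
        "//login.example.net/signin",
        "https://www.example.com@login.example.net/",
    ]
    for loc in samples:
        print(loc, "->", check_redirect(loc, "www.example.com"))
```

The decision is made on the parsed host rather than on a substring of the URL, which is why a redirect to a domain missing from the list is reported even when an allowed name appears elsewhere in the Location value.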

What to Do

When you see the "Illegal redirection attempt" violation, review the domains. If you wish to add these domains to the allowed domains:

 
