3. Securing your application with iRules¶
Security vulnerabilities are on the rise. In 2018, over 16,000 new CVEs were published, a more than 300% increase over 5 years (according to Skybox Security's 2019 Vulnerability and Threat Trends Report), and the number of known critical vulnerabilities is so large that application security teams simply cannot patch quickly enough. As you’re no doubt aware by now, F5 iRules can often “fix” things that are missing or hard to solve in the existing application stack. Of course, custom code should never take the place of a good security product, but arguably there’s no single security device that can address every vulnerability; and malware and other exploits generally move faster than software updates and patches. F5 iRules give you the power and flexibility to fill those gaps, and these labs provide just a taste of some of that power. In the following, you’ll see a handful of ways to use iRules to defend and protect against malicious activity in your enterprise.
Ultimately though, this is incomplete. There’s simply no way to include iRules code for every possible vulnerability, and we’d rather not hand you a 500-page guide. If you need to fix some specific security issue that we haven’t included here, or simply have questions, please let the F5 DevCentral community know.
In these labs, a Windows jumphost is not required. All testing will be done from a command prompt on a lab Ubuntu client. The labs in the "Additional Labs" section were written for a previous Agility lab, and were not reformated for virtual delivery. They contain valuable content, but may require additional resources to get working in the current lab environment.