For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Nikoolayy1's avatar
Nikoolayy1
Icon for MVP rankMVP
Jul 01, 2021
Solved

What is F5 ASM conviction and can it be used for configuring custom URL honey pot trap?

I see the feature conviction can be triggered in an irule but can it be done also in the ASM policy? Also can the honey pod traps be configured to send specific URL for the honey pod server or this i...
application delivery
ASM Advanced WAF
Integrated Bot Defense
security
  • Daniel_Wolf's avatar
    Daniel_Wolf
    Jul 12, 2021

    This became indeed my Sunday entertainment. I came up with two use cases, which I believe are good:

    1. Brute Force / Logon Page protection > 302 redirect the malicious actor to a fake site, trick him/her to believe he/she had a successful login. Might be an airgapped copy of your real site. Analyse the malicous actors movement on the fake site.
    2. Bot Defense > e.g. Bot does a mass sign up on a loyalty program. Make a (slow loading) honey page to trick the bot into believing that it succesfully signed up. Let the hacker exhaust his/her resources.

     

    I'd not use honeypages for each and everything. Hosting them requires extra resources, security measures and time effort.

Nikoolayy1's avatar
Nikoolayy1
Icon for MVP rankMVP
Feb 16, 2025

Remembered this old post of mine as recently I played with "ASM::" irule events 😁 I think the ASM conviction is for F5 to insert hidden urls in the responses that only bots will follow. Strange there is still not much data about this feature that was added in 15.1.x and the DOS profile is needed to trigger the Bad Actor Detection.