SlideShare a Scribd company logo

Html cors- lior rotkovitch

Lior Rotkovitch
Lior Rotkovitch

CORS WAF

Engineering
1 of 24
Download to read offline
BIG-IP V11.4 ASM TRAINING: HTML 5 – CORS Created by Lior Rotkovitch ASM - New Product Introduction December 2013
what is CORS ? • Cross-Origin Resource Sharing • enables one website to access the resources of another website using JavaScript • part of the HTML5 related specifications
• CORS defines how to authorize an application from a foreign origin, executing in the browser, to access the HTTP response of a resource from another origin the java script that domain.com send a preflight CORS request to know which permission are allowed to be accessed at web site b Web site a send response to browser.
If CORS is configures at exmaple.com it will sends the users browsers the attributes of how a request is allowed to access exmaple.com from the browser when communicating with domain.com
CORS Request headers • related headers that are included in a preflight request: • Origin - Determines requesting origin • Access-Control-Request-Method – tell the server which methods will be used in the actual request in addition to: GET POST and HEAD • Access-Control-Request-Headers – – tell the server which methods will be used in the actual request in addition to: GET POST and HEAD
CORS response headers • Access-Control-Allow-Origin – List of origins the resource may be shared among (support wildcard) • Access-Control-Allow-Credentials – Indicates whether actual request may include user credentials (true/false) • Access-Control-Allow-Methods - Indicates which methods can be used during the actual request • Access-Control-Allow-Headers - Indicates which request headers can be used during the actual request • Access-Control-Max-Age – Indicates how long (in seconds) the results of a preflight request may be cached in the browser • Access-Control-Expose-Headers – Indicates which response headers are safe to expose to JavaScript
ASM CORS • CORS should be enable in the server to which the JS will send a request. • ASM provides a GUI to enforce CORS incase the CORS is not configured (but is enabled) or to override the CORS server definitions. • ASM CORS enforcement can be define on a URL
ASM GUI
ASM GUI – CORS is enabled
Allowed origins headers
Allowed Methods header
Allowed Methods header
Allowed headers header
Allowed headers header
Allowed headers header
Exposed Headers
Exposed Headers
Exposed Headers
Allow Credentials
Allow Credentials
Maximum Age
Maximum Age
Html cors- lior rotkovitch

Recommended

Леонід Кузьмін “Сам собі паблішер. Від сайту ігрової студії до універсального...
Леонід Кузьмін “Сам собі паблішер. Від сайту ігрової студії до універсального...Леонід Кузьмін “Сам собі паблішер. Від сайту ігрової студії до універсального...
Леонід Кузьмін “Сам собі паблішер. Від сайту ігрової студії до універсального...Lviv Startup Club
 
slides (PPT)
slides (PPT)slides (PPT)
slides (PPT)webhostingguy
 
Mage Titans 2015
Mage Titans 2015Mage Titans 2015
Mage Titans 2015paupartington
 
Web Servers(IIS, NGINX, APACHE)
Web Servers(IIS, NGINX, APACHE)Web Servers(IIS, NGINX, APACHE)
Web Servers(IIS, NGINX, APACHE)Reza Jebeli
 
Using Server-Timing for App and CDN Monitoring
Using Server-Timing for App and CDN MonitoringUsing Server-Timing for App and CDN Monitoring
Using Server-Timing for App and CDN MonitoringAkamai Developers & Admins
 
MongoDB Server Provisioning - From 2 Months to 2 Minutes
MongoDB Server Provisioning - From 2 Months to 2 MinutesMongoDB Server Provisioning - From 2 Months to 2 Minutes
MongoDB Server Provisioning - From 2 Months to 2 MinutesMongoDB
 
web server
web serverweb server
web servernava rathna
 
Optimiszing proxy
Optimiszing proxyOptimiszing proxy
Optimiszing proxyProxies Rent
 

Recommended

Леонід Кузьмін “Сам собі паблішер. Від сайту ігрової студії до універсального...
Леонід Кузьмін “Сам собі паблішер. Від сайту ігрової студії до універсального...Леонід Кузьмін “Сам собі паблішер. Від сайту ігрової студії до універсального...
Леонід Кузьмін “Сам собі паблішер. Від сайту ігрової студії до універсального...Lviv Startup Club
 
slides (PPT)
slides (PPT)slides (PPT)
slides (PPT)webhostingguy
 
Mage Titans 2015
Mage Titans 2015Mage Titans 2015
Mage Titans 2015paupartington
 
Web Servers(IIS, NGINX, APACHE)
Web Servers(IIS, NGINX, APACHE)Web Servers(IIS, NGINX, APACHE)
Web Servers(IIS, NGINX, APACHE)Reza Jebeli
 
Using Server-Timing for App and CDN Monitoring
Using Server-Timing for App and CDN MonitoringUsing Server-Timing for App and CDN Monitoring
Using Server-Timing for App and CDN MonitoringAkamai Developers & Admins
 
MongoDB Server Provisioning - From 2 Months to 2 Minutes
MongoDB Server Provisioning - From 2 Months to 2 MinutesMongoDB Server Provisioning - From 2 Months to 2 Minutes
MongoDB Server Provisioning - From 2 Months to 2 MinutesMongoDB
 
web server
web serverweb server
web servernava rathna
 
Optimiszing proxy
Optimiszing proxyOptimiszing proxy
Optimiszing proxyProxies Rent
 
CORS and (in)security
CORS and (in)securityCORS and (in)security
CORS and (in)securityn|u - The Open Security Community
 
What Is Cross-Origin Resource Sharing in Web Development.pdf
What Is Cross-Origin Resource Sharing in Web Development.pdfWhat Is Cross-Origin Resource Sharing in Web Development.pdf
What Is Cross-Origin Resource Sharing in Web Development.pdfMPrashanth13
 
Cross-origin resource sharing
Cross-origin resource sharingCross-origin resource sharing
Cross-origin resource sharingUttom Akash
 
Cross Origin Resource Sharing (CORS) - Azizul Hakim
Cross Origin Resource Sharing (CORS) - Azizul HakimCross Origin Resource Sharing (CORS) - Azizul Hakim
Cross Origin Resource Sharing (CORS) - Azizul HakimCefalo
 
Of CORS thats a thing how CORS in the cloud still kills security
Of CORS thats a thing how CORS in the cloud still kills securityOf CORS thats a thing how CORS in the cloud still kills security
Of CORS thats a thing how CORS in the cloud still kills securityJohn Varghese
 
Cors (cross origin request sharing) in mule
Cors (cross origin request sharing) in muleCors (cross origin request sharing) in mule
Cors (cross origin request sharing) in muleAnkit Lawaniya
 
Web 13 | REST API
Web 13 | REST APIWeb 13 | REST API
Web 13 | REST APIMohammad Imam Hossain
 
Browsers_SameOriginPolicy_CORS_ContentSecurityPolicy
Browsers_SameOriginPolicy_CORS_ContentSecurityPolicyBrowsers_SameOriginPolicy_CORS_ContentSecurityPolicy
Browsers_SameOriginPolicy_CORS_ContentSecurityPolicysubbul
 
Using Communication and Messaging API in the HTML5 World
Using Communication and Messaging API in the HTML5 WorldUsing Communication and Messaging API in the HTML5 World
Using Communication and Messaging API in the HTML5 WorldGil Fink
 
Api security-testing
Api security-testingApi security-testing
Api security-testingn|u - The Open Security Community
 
Web technologies: HTTP
Web technologies: HTTPWeb technologies: HTTP
Web technologies: HTTPPiero Fraternali
 
Deep Dive on Accelerating Content, APIs, and Applications with Amazon CloudFr...
Deep Dive on Accelerating Content, APIs, and Applications with Amazon CloudFr...Deep Dive on Accelerating Content, APIs, and Applications with Amazon CloudFr...
Deep Dive on Accelerating Content, APIs, and Applications with Amazon CloudFr...Amazon Web Services
 
CNIT 129S: Ch 3: Web Application Technologies
CNIT 129S: Ch 3: Web Application TechnologiesCNIT 129S: Ch 3: Web Application Technologies
CNIT 129S: Ch 3: Web Application TechnologiesSam Bowne
 
Web Security - Cookies, Domains and CORS
Web Security - Cookies, Domains and CORSWeb Security - Cookies, Domains and CORS
Web Security - Cookies, Domains and CORSPerfectial, LLC
 
Lesson 6 web based attacks
Lesson 6 web based attacksLesson 6 web based attacks
Lesson 6 web based attacksFrank Victory
 
HTML5 hacking
HTML5 hackingHTML5 hacking
HTML5 hackingBlueinfy Solutions
 
Resting on your laurels will get you powned
Resting on your laurels will get you pownedResting on your laurels will get you powned
Resting on your laurels will get you pownedDinis Cruz
 
Hyper text transport protocol
Hyper text transport protocolHyper text transport protocol
Hyper text transport protocolHarshithaAllu
 
EWD 3 Training Course Part 33: Configuring QEWD to use CORS
EWD 3 Training Course Part 33: Configuring QEWD to use CORSEWD 3 Training Course Part 33: Configuring QEWD to use CORS
EWD 3 Training Course Part 33: Configuring QEWD to use CORSRob Tweed
 
CNIT 129S - Ch 3: Web Application Technologies
CNIT 129S - Ch 3: Web Application TechnologiesCNIT 129S - Ch 3: Web Application Technologies
CNIT 129S - Ch 3: Web Application TechnologiesSam Bowne
 
Software management, the seasonal return of DDoS - This Week in Security.pdf
Software management, the seasonal return of DDoS - This Week in Security.pdfSoftware management, the seasonal return of DDoS - This Week in Security.pdf
Software management, the seasonal return of DDoS - This Week in Security.pdfLior Rotkovitch
 
HTTP Brute Force Mitigation Playbook Bot Profile for Brute Force Mitigations ...
HTTP Brute Force Mitigation Playbook Bot Profile for Brute Force Mitigations ...HTTP Brute Force Mitigation Playbook Bot Profile for Brute Force Mitigations ...
HTTP Brute Force Mitigation Playbook Bot Profile for Brute Force Mitigations ...Lior Rotkovitch
 

More Related Content

Similar to Html cors- lior rotkovitch

What Is Cross-Origin Resource Sharing in Web Development.pdf
What Is Cross-Origin Resource Sharing in Web Development.pdfWhat Is Cross-Origin Resource Sharing in Web Development.pdf
What Is Cross-Origin Resource Sharing in Web Development.pdfMPrashanth13
 
Cross-origin resource sharing
Cross-origin resource sharingCross-origin resource sharing
Cross-origin resource sharingUttom Akash
 
Cross Origin Resource Sharing (CORS) - Azizul Hakim
Cross Origin Resource Sharing (CORS) - Azizul HakimCross Origin Resource Sharing (CORS) - Azizul Hakim
Cross Origin Resource Sharing (CORS) - Azizul HakimCefalo
 
Of CORS thats a thing how CORS in the cloud still kills security
Of CORS thats a thing how CORS in the cloud still kills securityOf CORS thats a thing how CORS in the cloud still kills security
Of CORS thats a thing how CORS in the cloud still kills securityJohn Varghese
 
Cors (cross origin request sharing) in mule
Cors (cross origin request sharing) in muleCors (cross origin request sharing) in mule
Cors (cross origin request sharing) in muleAnkit Lawaniya
 
Browsers_SameOriginPolicy_CORS_ContentSecurityPolicy
Browsers_SameOriginPolicy_CORS_ContentSecurityPolicyBrowsers_SameOriginPolicy_CORS_ContentSecurityPolicy
Browsers_SameOriginPolicy_CORS_ContentSecurityPolicysubbul
 
Using Communication and Messaging API in the HTML5 World
Using Communication and Messaging API in the HTML5 WorldUsing Communication and Messaging API in the HTML5 World
Using Communication and Messaging API in the HTML5 WorldGil Fink
 
Deep Dive on Accelerating Content, APIs, and Applications with Amazon CloudFr...
Deep Dive on Accelerating Content, APIs, and Applications with Amazon CloudFr...Deep Dive on Accelerating Content, APIs, and Applications with Amazon CloudFr...
Deep Dive on Accelerating Content, APIs, and Applications with Amazon CloudFr...Amazon Web Services
 
CNIT 129S: Ch 3: Web Application Technologies
CNIT 129S: Ch 3: Web Application TechnologiesCNIT 129S: Ch 3: Web Application Technologies
CNIT 129S: Ch 3: Web Application TechnologiesSam Bowne
 
Web Security - Cookies, Domains and CORS
Web Security - Cookies, Domains and CORSWeb Security - Cookies, Domains and CORS
Web Security - Cookies, Domains and CORSPerfectial, LLC
 
Lesson 6 web based attacks
Lesson 6 web based attacksLesson 6 web based attacks
Lesson 6 web based attacksFrank Victory
 
Resting on your laurels will get you powned
Resting on your laurels will get you pownedResting on your laurels will get you powned
Resting on your laurels will get you pownedDinis Cruz
 
Hyper text transport protocol
Hyper text transport protocolHyper text transport protocol
Hyper text transport protocolHarshithaAllu
 
EWD 3 Training Course Part 33: Configuring QEWD to use CORS
EWD 3 Training Course Part 33: Configuring QEWD to use CORSEWD 3 Training Course Part 33: Configuring QEWD to use CORS
EWD 3 Training Course Part 33: Configuring QEWD to use CORSRob Tweed
 
CNIT 129S - Ch 3: Web Application Technologies
CNIT 129S - Ch 3: Web Application TechnologiesCNIT 129S - Ch 3: Web Application Technologies
CNIT 129S - Ch 3: Web Application TechnologiesSam Bowne
 

Similar to Html cors- lior rotkovitch (20)

CORS and (in)security
CORS and (in)securityCORS and (in)security
CORS and (in)security
 
What Is Cross-Origin Resource Sharing in Web Development.pdf
What Is Cross-Origin Resource Sharing in Web Development.pdfWhat Is Cross-Origin Resource Sharing in Web Development.pdf
What Is Cross-Origin Resource Sharing in Web Development.pdf
 
Cross-origin resource sharing
Cross-origin resource sharingCross-origin resource sharing
Cross-origin resource sharing
 
Cross Origin Resource Sharing (CORS) - Azizul Hakim
Cross Origin Resource Sharing (CORS) - Azizul HakimCross Origin Resource Sharing (CORS) - Azizul Hakim
Cross Origin Resource Sharing (CORS) - Azizul Hakim
 
Of CORS thats a thing how CORS in the cloud still kills security
Of CORS thats a thing how CORS in the cloud still kills securityOf CORS thats a thing how CORS in the cloud still kills security
Of CORS thats a thing how CORS in the cloud still kills security
 
Cors (cross origin request sharing) in mule
Cors (cross origin request sharing) in muleCors (cross origin request sharing) in mule
Cors (cross origin request sharing) in mule
 
Web 13 | REST API
Web 13 | REST APIWeb 13 | REST API
Web 13 | REST API
 
Browsers_SameOriginPolicy_CORS_ContentSecurityPolicy
Browsers_SameOriginPolicy_CORS_ContentSecurityPolicyBrowsers_SameOriginPolicy_CORS_ContentSecurityPolicy
Browsers_SameOriginPolicy_CORS_ContentSecurityPolicy
 
Using Communication and Messaging API in the HTML5 World
Using Communication and Messaging API in the HTML5 WorldUsing Communication and Messaging API in the HTML5 World
Using Communication and Messaging API in the HTML5 World
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Web technologies: HTTP
Web technologies: HTTPWeb technologies: HTTP
Web technologies: HTTP
 
Deep Dive on Accelerating Content, APIs, and Applications with Amazon CloudFr...
Deep Dive on Accelerating Content, APIs, and Applications with Amazon CloudFr...Deep Dive on Accelerating Content, APIs, and Applications with Amazon CloudFr...
Deep Dive on Accelerating Content, APIs, and Applications with Amazon CloudFr...
 
CNIT 129S: Ch 3: Web Application Technologies
CNIT 129S: Ch 3: Web Application TechnologiesCNIT 129S: Ch 3: Web Application Technologies
CNIT 129S: Ch 3: Web Application Technologies
 
Web Security - Cookies, Domains and CORS
Web Security - Cookies, Domains and CORSWeb Security - Cookies, Domains and CORS
Web Security - Cookies, Domains and CORS
 
Lesson 6 web based attacks
Lesson 6 web based attacksLesson 6 web based attacks
Lesson 6 web based attacks
 
HTML5 hacking
HTML5 hackingHTML5 hacking
HTML5 hacking
 
Resting on your laurels will get you powned
Resting on your laurels will get you pownedResting on your laurels will get you powned
Resting on your laurels will get you powned
 
Hyper text transport protocol
Hyper text transport protocolHyper text transport protocol
Hyper text transport protocol
 
EWD 3 Training Course Part 33: Configuring QEWD to use CORS
EWD 3 Training Course Part 33: Configuring QEWD to use CORSEWD 3 Training Course Part 33: Configuring QEWD to use CORS
EWD 3 Training Course Part 33: Configuring QEWD to use CORS
 
CNIT 129S - Ch 3: Web Application Technologies
CNIT 129S - Ch 3: Web Application TechnologiesCNIT 129S - Ch 3: Web Application Technologies
CNIT 129S - Ch 3: Web Application Technologies
 

More from Lior Rotkovitch

Software management, the seasonal return of DDoS - This Week in Security.pdf
Software management, the seasonal return of DDoS - This Week in Security.pdfSoftware management, the seasonal return of DDoS - This Week in Security.pdf
Software management, the seasonal return of DDoS - This Week in Security.pdfLior Rotkovitch
 
HTTP Brute Force Mitigation Playbook Bot Profile for Brute Force Mitigations ...
HTTP Brute Force Mitigation Playbook Bot Profile for Brute Force Mitigations ...HTTP Brute Force Mitigation Playbook Bot Profile for Brute Force Mitigations ...
HTTP Brute Force Mitigation Playbook Bot Profile for Brute Force Mitigations ...Lior Rotkovitch
 
Bots mitigations overview with Advance WAF - Anti ... - DevCentral.pdf
Bots mitigations overview with Advance WAF - Anti ... - DevCentral.pdfBots mitigations overview with Advance WAF - Anti ... - DevCentral.pdf
Bots mitigations overview with Advance WAF - Anti ... - DevCentral.pdfLior Rotkovitch
 
The 1B Data Leak, TrickBot Gang Shift and Cyber Espionage - F5 SIRT This Week...
The 1B Data Leak, TrickBot Gang Shift and Cyber Espionage - F5 SIRT This Week...The 1B Data Leak, TrickBot Gang Shift and Cyber Espionage - F5 SIRT This Week...
The 1B Data Leak, TrickBot Gang Shift and Cyber Espionage - F5 SIRT This Week...Lior Rotkovitch
 
A Day in the Life of a Security Engineer from Tel Aviv- clean.pdf
A Day in the Life of a Security Engineer from Tel Aviv- clean.pdfA Day in the Life of a Security Engineer from Tel Aviv- clean.pdf
A Day in the Life of a Security Engineer from Tel Aviv- clean.pdfLior Rotkovitch
 
The WAF book (Web App Firewall )
The WAF book (Web App Firewall )The WAF book (Web App Firewall )
The WAF book (Web App Firewall )Lior Rotkovitch
 
Brute Force - Lior Rotkovitch - f5 SIRT v5.pdf
Brute Force - Lior Rotkovitch - f5 SIRT v5.pdfBrute Force - Lior Rotkovitch - f5 SIRT v5.pdf
Brute Force - Lior Rotkovitch - f5 SIRT v5.pdfLior Rotkovitch
 
The WAF book intro protection elements v1.0 lior rotkovitch
The WAF book intro protection elements v1.0 lior rotkovitchThe WAF book intro protection elements v1.0 lior rotkovitch
The WAF book intro protection elements v1.0 lior rotkovitchLior Rotkovitch
 
The waf book intro waf elements v1.0 lior rotkovitch
The waf book intro waf elements v1.0 lior rotkovitchThe waf book intro waf elements v1.0 lior rotkovitch
The waf book intro waf elements v1.0 lior rotkovitchLior Rotkovitch
 
The waf book intro v1.0 lior rotkovitch
The waf book intro v1.0 lior rotkovitchThe waf book intro v1.0 lior rotkovitch
The waf book intro v1.0 lior rotkovitchLior Rotkovitch
 
The waf book intro attack elements v1.0 lior rotkovitch
The waf book intro attack elements v1.0 lior rotkovitchThe waf book intro attack elements v1.0 lior rotkovitch
The waf book intro attack elements v1.0 lior rotkovitchLior Rotkovitch
 
F5 SIRT - F5 ASM WAF - DDoS protection
F5 SIRT - F5 ASM WAF - DDoS protection F5 SIRT - F5 ASM WAF - DDoS protection
F5 SIRT - F5 ASM WAF - DDoS protection Lior Rotkovitch
 
Advance WAF bot mitigations V13.1
Advance WAF bot mitigations V13.1 Advance WAF bot mitigations V13.1
Advance WAF bot mitigations V13.1 Lior Rotkovitch
 
WAF ASM / Advance WAF - Brute force lior rotkovitch f5 sirt v5 clean
WAF ASM / Advance WAF - Brute force lior rotkovitch f5 sirt v5 cleanWAF ASM / Advance WAF - Brute force lior rotkovitch f5 sirt v5 clean
WAF ASM / Advance WAF - Brute force lior rotkovitch f5 sirt v5 cleanLior Rotkovitch
 
Bots mitigations overview with advance waf anti bot engine
Bots mitigations overview with advance waf anti bot engineBots mitigations overview with advance waf anti bot engine
Bots mitigations overview with advance waf anti bot engineLior Rotkovitch
 
Asm bot mitigations v3 final- lior rotkovitch
Asm bot mitigations v3 final- lior rotkovitchAsm bot mitigations v3 final- lior rotkovitch
Asm bot mitigations v3 final- lior rotkovitchLior Rotkovitch
 
Lior rotkovitch ASM WAF unified learning – building policy with asm v12
Lior rotkovitch ASM WAF unified learning – building policy with asm v12Lior rotkovitch ASM WAF unified learning – building policy with asm v12
Lior rotkovitch ASM WAF unified learning – building policy with asm v12Lior Rotkovitch
 
ASM 11.6 DDoS profile- lior rotkovitch
ASM 11.6 DDoS profile- lior rotkovitchASM 11.6 DDoS profile- lior rotkovitch
ASM 11.6 DDoS profile- lior rotkovitchLior Rotkovitch
 
Web Socket ASM support lior rotkovitch
Web Socket ASM support lior rotkovitchWeb Socket ASM support lior rotkovitch
Web Socket ASM support lior rotkovitchLior Rotkovitch
 
הדרכה מבוססת אינטרנט Wbt - Web based training
הדרכה מבוססת אינטרנט Wbt - Web based training הדרכה מבוססת אינטרנט Wbt - Web based training
הדרכה מבוססת אינטרנט Wbt - Web based training Lior Rotkovitch
 

More from Lior Rotkovitch (20)

Software management, the seasonal return of DDoS - This Week in Security.pdf
Software management, the seasonal return of DDoS - This Week in Security.pdfSoftware management, the seasonal return of DDoS - This Week in Security.pdf
Software management, the seasonal return of DDoS - This Week in Security.pdf
 
HTTP Brute Force Mitigation Playbook Bot Profile for Brute Force Mitigations ...
HTTP Brute Force Mitigation Playbook Bot Profile for Brute Force Mitigations ...HTTP Brute Force Mitigation Playbook Bot Profile for Brute Force Mitigations ...
HTTP Brute Force Mitigation Playbook Bot Profile for Brute Force Mitigations ...
 
Bots mitigations overview with Advance WAF - Anti ... - DevCentral.pdf
Bots mitigations overview with Advance WAF - Anti ... - DevCentral.pdfBots mitigations overview with Advance WAF - Anti ... - DevCentral.pdf
Bots mitigations overview with Advance WAF - Anti ... - DevCentral.pdf
 
The 1B Data Leak, TrickBot Gang Shift and Cyber Espionage - F5 SIRT This Week...
The 1B Data Leak, TrickBot Gang Shift and Cyber Espionage - F5 SIRT This Week...The 1B Data Leak, TrickBot Gang Shift and Cyber Espionage - F5 SIRT This Week...
The 1B Data Leak, TrickBot Gang Shift and Cyber Espionage - F5 SIRT This Week...
 
A Day in the Life of a Security Engineer from Tel Aviv- clean.pdf
A Day in the Life of a Security Engineer from Tel Aviv- clean.pdfA Day in the Life of a Security Engineer from Tel Aviv- clean.pdf
A Day in the Life of a Security Engineer from Tel Aviv- clean.pdf
 
The WAF book (Web App Firewall )
The WAF book (Web App Firewall )The WAF book (Web App Firewall )
The WAF book (Web App Firewall )
 
Brute Force - Lior Rotkovitch - f5 SIRT v5.pdf
Brute Force - Lior Rotkovitch - f5 SIRT v5.pdfBrute Force - Lior Rotkovitch - f5 SIRT v5.pdf
Brute Force - Lior Rotkovitch - f5 SIRT v5.pdf
 
The WAF book intro protection elements v1.0 lior rotkovitch
The WAF book intro protection elements v1.0 lior rotkovitchThe WAF book intro protection elements v1.0 lior rotkovitch
The WAF book intro protection elements v1.0 lior rotkovitch
 
The waf book intro waf elements v1.0 lior rotkovitch
The waf book intro waf elements v1.0 lior rotkovitchThe waf book intro waf elements v1.0 lior rotkovitch
The waf book intro waf elements v1.0 lior rotkovitch
 
The waf book intro v1.0 lior rotkovitch
The waf book intro v1.0 lior rotkovitchThe waf book intro v1.0 lior rotkovitch
The waf book intro v1.0 lior rotkovitch
 
The waf book intro attack elements v1.0 lior rotkovitch
The waf book intro attack elements v1.0 lior rotkovitchThe waf book intro attack elements v1.0 lior rotkovitch
The waf book intro attack elements v1.0 lior rotkovitch
 
F5 SIRT - F5 ASM WAF - DDoS protection
F5 SIRT - F5 ASM WAF - DDoS protection F5 SIRT - F5 ASM WAF - DDoS protection
F5 SIRT - F5 ASM WAF - DDoS protection
 
Advance WAF bot mitigations V13.1
Advance WAF bot mitigations V13.1 Advance WAF bot mitigations V13.1
Advance WAF bot mitigations V13.1
 
WAF ASM / Advance WAF - Brute force lior rotkovitch f5 sirt v5 clean
WAF ASM / Advance WAF - Brute force lior rotkovitch f5 sirt v5 cleanWAF ASM / Advance WAF - Brute force lior rotkovitch f5 sirt v5 clean
WAF ASM / Advance WAF - Brute force lior rotkovitch f5 sirt v5 clean
 
Bots mitigations overview with advance waf anti bot engine
Bots mitigations overview with advance waf anti bot engineBots mitigations overview with advance waf anti bot engine
Bots mitigations overview with advance waf anti bot engine
 
Asm bot mitigations v3 final- lior rotkovitch
Asm bot mitigations v3 final- lior rotkovitchAsm bot mitigations v3 final- lior rotkovitch
Asm bot mitigations v3 final- lior rotkovitch
 
Lior rotkovitch ASM WAF unified learning – building policy with asm v12
Lior rotkovitch ASM WAF unified learning – building policy with asm v12Lior rotkovitch ASM WAF unified learning – building policy with asm v12
Lior rotkovitch ASM WAF unified learning – building policy with asm v12
 
ASM 11.6 DDoS profile- lior rotkovitch
ASM 11.6 DDoS profile- lior rotkovitchASM 11.6 DDoS profile- lior rotkovitch
ASM 11.6 DDoS profile- lior rotkovitch
 
Web Socket ASM support lior rotkovitch
Web Socket ASM support lior rotkovitchWeb Socket ASM support lior rotkovitch
Web Socket ASM support lior rotkovitch
 
הדרכה מבוססת אינטרנט Wbt - Web based training
הדרכה מבוססת אינטרנט Wbt - Web based training הדרכה מבוססת אינטרנט Wbt - Web based training
הדרכה מבוססת אינטרנט Wbt - Web based training
 

Recently uploaded

kiln thermal load.pptx kiln tgermal load
kiln thermal load.pptx kiln tgermal loadkiln thermal load.pptx kiln tgermal load
kiln thermal load.pptx kiln tgermal loadhamedmustafa094
 
A CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptx
A CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptxA CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptx
A CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptxmaisarahman1
 
Tamil Call Girls Bhayandar WhatsApp +91-9930687706, Best Service
Tamil Call Girls Bhayandar WhatsApp +91-9930687706, Best ServiceTamil Call Girls Bhayandar WhatsApp +91-9930687706, Best Service
Tamil Call Girls Bhayandar WhatsApp +91-9930687706, Best Servicemeghakumariji156
 
Design For Accessibility: Getting it right from the start
Design For Accessibility: Getting it right from the startDesign For Accessibility: Getting it right from the start
Design For Accessibility: Getting it right from the startQuintin Balsdon
 
Hazard Identification (HAZID) vs. Hazard and Operability (HAZOP): A Comparati...
Hazard Identification (HAZID) vs. Hazard and Operability (HAZOP): A Comparati...Hazard Identification (HAZID) vs. Hazard and Operability (HAZOP): A Comparati...
Hazard Identification (HAZID) vs. Hazard and Operability (HAZOP): A Comparati...soginsider
 
notes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.pptnotes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.pptMsecMca
 
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptxHOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptxSCMS School of Architecture
 
School management system project Report.pdf
School management system project Report.pdfSchool management system project Report.pdf
School management system project Report.pdfKamal Acharya
 
Hostel management system project report..pdf
Hostel management system project report..pdfHostel management system project report..pdf
Hostel management system project report..pdfKamal Acharya
 
Unleashing the Power of the SORA AI lastest leap
Unleashing the Power of the SORA AI lastest leapUnleashing the Power of the SORA AI lastest leap
Unleashing the Power of the SORA AI lastest leapRishantSharmaFr
 
DeepFakes presentation : brief idea of DeepFakes
DeepFakes presentation : brief idea of DeepFakesDeepFakes presentation : brief idea of DeepFakes
DeepFakes presentation : brief idea of DeepFakesMayuraD1
 
Computer Networks Basics of Network Devices
Computer Networks Basics of Network DevicesComputer Networks Basics of Network Devices
Computer Networks Basics of Network DevicesChandrakantDivate1
 
Bridge Jacking Design Sample Calculation.pptx
Bridge Jacking Design Sample Calculation.pptxBridge Jacking Design Sample Calculation.pptx
Bridge Jacking Design Sample Calculation.pptxnuruddin69
 
Computer Lecture 01.pptxIntroduction to Computers
Computer Lecture 01.pptxIntroduction to ComputersComputer Lecture 01.pptxIntroduction to Computers
Computer Lecture 01.pptxIntroduction to ComputersMairaAshraf6
 
DC MACHINE-Motoring and generation, Armature circuit equation
DC MACHINE-Motoring and generation, Armature circuit equationDC MACHINE-Motoring and generation, Armature circuit equation
DC MACHINE-Motoring and generation, Armature circuit equationBhangaleSonal
 
Introduction to Serverless with AWS Lambda
Introduction to Serverless with AWS LambdaIntroduction to Serverless with AWS Lambda
Introduction to Serverless with AWS LambdaOmar Fathy
 
+97470301568>> buy weed in qatar,buy thc oil qatar,buy weed and vape oil in d...
+97470301568>> buy weed in qatar,buy thc oil qatar,buy weed and vape oil in d...+97470301568>> buy weed in qatar,buy thc oil qatar,buy weed and vape oil in d...
+97470301568>> buy weed in qatar,buy thc oil qatar,buy weed and vape oil in d...Health
 
Minimum and Maximum Modes of microprocessor 8086
Minimum and Maximum Modes of microprocessor 8086Minimum and Maximum Modes of microprocessor 8086
Minimum and Maximum Modes of microprocessor 8086anil_gaur
 
"Lesotho Leaps Forward: A Chronicle of Transformative Developments"
"Lesotho Leaps Forward: A Chronicle of Transformative Developments""Lesotho Leaps Forward: A Chronicle of Transformative Developments"
"Lesotho Leaps Forward: A Chronicle of Transformative Developments"mphochane1998
 

Recently uploaded (20)

kiln thermal load.pptx kiln tgermal load
kiln thermal load.pptx kiln tgermal loadkiln thermal load.pptx kiln tgermal load
kiln thermal load.pptx kiln tgermal load
 
A CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptx
A CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptxA CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptx
A CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptx
 
Tamil Call Girls Bhayandar WhatsApp +91-9930687706, Best Service
Tamil Call Girls Bhayandar WhatsApp +91-9930687706, Best ServiceTamil Call Girls Bhayandar WhatsApp +91-9930687706, Best Service
Tamil Call Girls Bhayandar WhatsApp +91-9930687706, Best Service
 
Design For Accessibility: Getting it right from the start
Design For Accessibility: Getting it right from the startDesign For Accessibility: Getting it right from the start
Design For Accessibility: Getting it right from the start
 
Hazard Identification (HAZID) vs. Hazard and Operability (HAZOP): A Comparati...
Hazard Identification (HAZID) vs. Hazard and Operability (HAZOP): A Comparati...Hazard Identification (HAZID) vs. Hazard and Operability (HAZOP): A Comparati...
Hazard Identification (HAZID) vs. Hazard and Operability (HAZOP): A Comparati...
 
notes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.pptnotes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.ppt
 
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptxHOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
 
School management system project Report.pdf
School management system project Report.pdfSchool management system project Report.pdf
School management system project Report.pdf
 
Hostel management system project report..pdf
Hostel management system project report..pdfHostel management system project report..pdf
Hostel management system project report..pdf
 
Unleashing the Power of the SORA AI lastest leap
Unleashing the Power of the SORA AI lastest leapUnleashing the Power of the SORA AI lastest leap
Unleashing the Power of the SORA AI lastest leap
 
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak HamilCara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
 
DeepFakes presentation : brief idea of DeepFakes
DeepFakes presentation : brief idea of DeepFakesDeepFakes presentation : brief idea of DeepFakes
DeepFakes presentation : brief idea of DeepFakes
 
Computer Networks Basics of Network Devices
Computer Networks Basics of Network DevicesComputer Networks Basics of Network Devices
Computer Networks Basics of Network Devices
 
Bridge Jacking Design Sample Calculation.pptx
Bridge Jacking Design Sample Calculation.pptxBridge Jacking Design Sample Calculation.pptx
Bridge Jacking Design Sample Calculation.pptx
 
Computer Lecture 01.pptxIntroduction to Computers
Computer Lecture 01.pptxIntroduction to ComputersComputer Lecture 01.pptxIntroduction to Computers
Computer Lecture 01.pptxIntroduction to Computers
 
DC MACHINE-Motoring and generation, Armature circuit equation
DC MACHINE-Motoring and generation, Armature circuit equationDC MACHINE-Motoring and generation, Armature circuit equation
DC MACHINE-Motoring and generation, Armature circuit equation
 
Introduction to Serverless with AWS Lambda
Introduction to Serverless with AWS LambdaIntroduction to Serverless with AWS Lambda
Introduction to Serverless with AWS Lambda
 
+97470301568>> buy weed in qatar,buy thc oil qatar,buy weed and vape oil in d...
+97470301568>> buy weed in qatar,buy thc oil qatar,buy weed and vape oil in d...+97470301568>> buy weed in qatar,buy thc oil qatar,buy weed and vape oil in d...
+97470301568>> buy weed in qatar,buy thc oil qatar,buy weed and vape oil in d...
 
Minimum and Maximum Modes of microprocessor 8086
Minimum and Maximum Modes of microprocessor 8086Minimum and Maximum Modes of microprocessor 8086
Minimum and Maximum Modes of microprocessor 8086
 
"Lesotho Leaps Forward: A Chronicle of Transformative Developments"
"Lesotho Leaps Forward: A Chronicle of Transformative Developments""Lesotho Leaps Forward: A Chronicle of Transformative Developments"
"Lesotho Leaps Forward: A Chronicle of Transformative Developments"
 

Html cors- lior rotkovitch

  • 1. BIG-IP V11.4 ASM TRAINING: HTML 5 – CORS Created by Lior Rotkovitch ASM - New Product Introduction December 2013
  • 2. what is CORS ? • Cross-Origin Resource Sharing • enables one website to access the resources of another website using JavaScript • part of the HTML5 related specifications
  • 3. • CORS defines how to authorize an application from a foreign origin, executing in the browser, to access the HTTP response of a resource from another origin the java script that domain.com send a preflight CORS request to know which permission are allowed to be accessed at web site b Web site a send response to browser.
  • 4. If CORS is configures at exmaple.com it will sends the users browsers the attributes of how a request is allowed to access exmaple.com from the browser when communicating with domain.com
  • 5. CORS Request headers • related headers that are included in a preflight request: • Origin - Determines requesting origin • Access-Control-Request-Method – tell the server which methods will be used in the actual request in addition to: GET POST and HEAD • Access-Control-Request-Headers – – tell the server which methods will be used in the actual request in addition to: GET POST and HEAD
  • 6. CORS response headers • Access-Control-Allow-Origin – List of origins the resource may be shared among (support wildcard) • Access-Control-Allow-Credentials – Indicates whether actual request may include user credentials (true/false) • Access-Control-Allow-Methods - Indicates which methods can be used during the actual request • Access-Control-Allow-Headers - Indicates which request headers can be used during the actual request • Access-Control-Max-Age – Indicates how long (in seconds) the results of a preflight request may be cached in the browser • Access-Control-Expose-Headers – Indicates which response headers are safe to expose to JavaScript
  • 7. ASM CORS • CORS should be enable in the server to which the JS will send a request. • ASM provides a GUI to enforce CORS incase the CORS is not configured (but is enabled) or to override the CORS server definitions. • ASM CORS enforcement can be define on a URL
  • 9. ASM GUI – CORS is enabled
  • 10.