The F5 BIG-IP appliance must be configured to restrict a consistent inbound IP for the entire management session.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-266167	SRG-NET-000230-ALG-000113	F5BI-AP-300156	SV-266167r1024399_rule	2024-09-20	1

Description
This security measure helps limit the effects of denial-of-service attacks by employing antisession hijacking security safeguards. Session hijacking, also called cookie hijacking, is the exploitation of a valid computer session to gain unauthorized access to an application. The attacker steals (or hijacks) the cookies from a valid user and attempts to use them for authentication.

ℹ️ Check
From the BIG-IP GUI: 1. System. 2. Preferences. 3. Under Security Settings, verify "Require A Consistent Inbound IP For The Entire Web Session" box is checked. From the BIG-IP Console: tmsh list sys httpd auth-pam-validate-ip Note: This returns a value of "on". If the BIG-IP appliance is not configured to require a consistent inbound IP for the entire session for management sessions, this is a finding.

ℹ️ Check

From the BIG-IP GUI: 1. System. 2. Preferences. 3. Under Security Settings, verify "Require A Consistent Inbound IP For The Entire Web Session" box is checked. From the BIG-IP Console: tmsh list sys httpd auth-pam-validate-ip Note: This returns a value of "on". If the BIG-IP appliance is not configured to require a consistent inbound IP for the entire session for management sessions, this is a finding.

✔️ Fix
From the BIG-IP GUI: 1. System. 2. Preferences. 3. Under Security Settings, check "Require A Consistent Inbound IP For The Entire Web Session". 4. Click "Update". From the BIG-IP Console: tmsh modify sys httpd auth-pam-validate-ip on tmsh save sys config