The F5 BIG-IP appliance must be configured to restrict a consistent inbound IP for the entire management session.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-266167 | F5BI-AP-300156 | SV-266167r1024399_rule | Medium |
| Description |
| This security measure helps limit the effects of denial-of-service attacks by employing antisession hijacking security safeguards. Session hijacking, also called cookie hijacking, is the exploitation of a valid computer session to gain unauthorized access to an application. The attacker steals (or hijacks) the cookies from a valid user and attempts to use them for authentication. |
| STIG | Date |
| F5 BIG-IP TMOS ALG Security Technical Implementation Guide | 2025-06-09 |
Details
| Check Text (C-70091r1023747_chk) |
| From the BIG-IP GUI: 1. System. 2. Preferences. 3. Under Security Settings, verify "Require A Consistent Inbound IP For The Entire Web Session" box is checked. From the BIG-IP Console: tmsh list sys httpd auth-pam-validate-ip Note: This returns a value of "on". If the BIG-IP appliance is not configured to require a consistent inbound IP for the entire session for management sessions, this is a finding. |
| Fix Text (F-69994r1023748_fix) |
| From the BIG-IP GUI: 1. System. 2. Preferences. 3. Under Security Settings, check "Require A Consistent Inbound IP For The Entire Web Session". 4. Click "Update". From the BIG-IP Console: tmsh modify sys httpd auth-pam-validate-ip on tmsh save sys config |