About BIG-IP ASM system to enforce URL flows

Question

Hello experts,https://my.f5.com/manage/s/article/K64208044Can you tell me how to determine the traffic that is executing the URL, and whether it is relying on the "Referer"header to judge?If the site doesn't have "Referer"header does that mean you can't use this feature?Any help is appreciate.Thanks !!

nikoolayy1 · Answer

I admit I am not fully understanding your questions.
&nbsp;
Yes , flow is based on Referrer headers and the entrypoint URL can be directly called as it it is start endpoint of the flow. This is like for example a main web page and after that the main page can have images that are located in other urls that will be accessed with web requests with referrer headers that show the main page.
&nbsp;
You can enable the flow violations in learn and alarm and test the feature by accessing url that that shouldn't be accessed directly (not the flow entrypoint URL). This is how you can test without blocking traffic and seeing the request log 😉 Also read about flow parameters as well.
&nbsp;
Also see:
&nbsp;
Advanced WAF / BIG-IP ASM parameter matching (f5.com)
https://techdocs.f5.com/en-us/bigip-15-0-0/big-ip-asm-implementations/adding-entities-to-a-security-policy.html
&nbsp;

Forum Discussion

About BIG-IP ASM system to enforce URL flows

Recent Discussions

Outlook application issue

Why does WAF block HTTP OPTION method

Rewriting Location Header in iRule

HA Configuration (One in primary and One in DR)

Sending a trusted certificate to server

Related Content

Prepare BIG-IP Central Manager for Automation

F5 BIG-IP SSL Orchestrator Configuration with Advanced WAFaaS

BIG-IP deployment options with Openshift

BIG-IP Solutions: Simple URL Redirects

F5 BIG-IP Sizing Requirement