Forum Discussion

young19918

Cirrus

Mar 20, 2024

About BIG-IP ASM system to enforce URL flows

Hello experts, https://my.f5.com/manage/s/article/K64208044 Can you tell me how to determine the traffic that is executing the URL, and whether it is relying on the "Referer" header to judge? ...

application delivery

Nikoolayy1

MVP

Mar 21, 2024

I admit I am not fully understanding your questions.

Yes , flow is based on Referrer headers and the entrypoint URL can be directly called as it it is start endpoint of the flow. This is like for example a main web page and after that the main page can have images that are located in other urls that will be accessed with web requests with referrer headers that show the main page.

You can enable the flow violations in learn and alarm and test the feature by accessing url that that shouldn't be accessed directly (not the flow entrypoint URL). This is how you can test without blocking traffic and seeing the request log 😉 Also read about flow parameters as well.

Also see:

Advanced WAF / BIG-IP ASM parameter matching (f5.com)

https://techdocs.f5.com/en-us/bigip-15-0-0/big-ip-asm-implementations/adding-entities-to-a-security-policy.html

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)