Forum Discussion
allow one url from blocks geolocation
I have published a service from the WAF and I block URLs for all countries except KSA, and I have one URL allowed from Aruba. I used the iRule below but it didn't work.
when HTTP_REQUEST {
    if { ([string tolower [HTTP::uri]] eq "GET /Arabic/MediaCenter/News/Pages/Infectious-Disease-Week.aspx HTTP/1.1") and ([whereis [IP::client_addr] country] ne " Sweden") } {
        ASM::unblock
    } else {
        return
    }
}
It seems your first if statement is wrong, because it lowers all strings in [HTTP::uri] and then it is compared to a string which includes uppercase characters. So there will never be a match. Second, the '[whereis ip country]' command returns a string containing the two-letter country code. So it will not match 'Sweden'. And the ASM::unblock command can't be used in the HTTP_REQUEST event.
See:
So, your iRule should be more like:
when ASM_REQUEST_DONE {
    # Lowercase both sides of the URI comparison; whereis returns a two-letter country code.
    if { ([string tolower [HTTP::uri]] eq [string tolower "/Arabic/MediaCenter/News/Pages/Infectious-Disease-Week.aspx"]) and ([whereis [IP::client_addr] country] ne "SE") } {
        ASM::unblock
        log local0. "[ASM::violation_data]. Unblocked for [IP::client_addr]"
    } else {
        return
    }
}
- Mohamedabogamil (Nimbostratus)
Thanks for the reply, but I tried it and ASM still blocks the request. Any advice for a different iRule?
Also make sure that the Trigger ASM iRule Events setting is enabled in your security policy. See: Solved: Where in F5 ASM do I enable the Trigger ASM iRule ... - DevCentral
It also helps to add more logging to your iRule, so you can see if the event is hit at all.
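A debugging iRule along the lines of the logging advice above, as an added example that is not part of the original thread: it logs the exact values the unblock condition compares and shows whether the ASM event fires at all. The variable names and the "geo-debug" log prefix are assumptions made for illustration.

```tcl
when HTTP_REQUEST {
    # Capture the values the unblock condition compares, exactly as the iRule sees them.
    set dbg_uri [HTTP::uri]
    set dbg_uri_lc [string tolower $dbg_uri]
    set dbg_cc [whereis [IP::client_addr] country]
    # Lowercased form of the path from the thread.
    set dbg_target "/arabic/mediacenter/news/pages/infectious-disease-week.aspx"
    log local0. "geo-debug HTTP_REQUEST client=[IP::client_addr] country=$dbg_cc uri=$dbg_uri uri_match=[expr {$dbg_uri_lc eq $dbg_target}]"
}

when ASM_REQUEST_DONE {
    # This event only fires when "Trigger ASM iRule Events" is enabled in the security policy.
    log local0. "geo-debug ASM_REQUEST_DONE status=[ASM::status] support_id=[ASM::support_id] violations=[ASM::violation names] country=$dbg_cc uri=$dbg_uri"
}
```

If the HTTP_REQUEST line shows up in /var/log/ltm but the ASM_REQUEST_DONE line does not, the ASM event is not being triggered for that virtual server.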
- Mohamedabogamil (Nimbostratus)
Thanks for your reply