Forum Discussion
allow one url from blocks geolocation
I have published a service behind the WAF and I block URLs from all countries except KSA, and I have one URL allowed from Aruba. I used the iRule below but it didn't work.
when HTTP_REQUEST {
    if { ([string tolower [HTTP::uri]] eq "GET /Arabic/MediaCenter/News/Pages/Infectious-Disease-Week.aspx HTTP/1.1") and ([whereis [IP::client_addr] country] ne " Sweden") } {
        ASM::unblock
    } else {
        return
    }
}
4 Replies
It seems your first if statement is wrong, because it lowercases the whole string in [HTTP::uri] and then compares it to a string which includes uppercase characters. So there will never be a match. Second, the '[whereis ip country]' command returns a string containing the two-letter country code. So it will not match 'Sweden'. And the ASM::unblock command can't be used in the HTTP_REQUEST event.
See:
So, your iRule should be more like:
when ASM_REQUEST_DONE {
    if { ([string tolower [HTTP::uri]] eq [string tolower "/Arabic/MediaCenter/News/Pages/Infectious-Disease-Week.aspx"]) and ([whereis [IP::client_addr] country] ne "SE") } {
        ASM::unblock
        log local0. "[ASM::violation_data]. Unblocked for [IP::client_addr]"
    } else {
        return
    }
}
- Mohamedabogamil
Nimbostratus
Thanks for the reply, but I tried it and ASM still blocks the request. Any advice for a different iRule?
Also make sure that the Trigger ASM iRule Events setting is enabled in your security policy. See: Solved: Where in F5 ASM do I enable the Trigger ASM iRule ... - DevCentral
It also helps to add more logging to your iRule, so you can see if the event is hit at all.
- Mohamedabogamil
Nimbostratus
Thanks for your reply
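The logging suggested in the thread, as an added example that is not from any of the posters: it logs in both events so you can tell whether ASM_REQUEST_DONE fires at all, and it unblocks only when geolocation is the sole violation, so other violations on the same URL still block. The country code "AW" (ISO code for Aruba, taken from the question's wording), the violation name VIOL_GEOLOCATION and the "geo-debug" log tag are assumptions; confirm the violation name against what the log line prints on your system.

```tcl
# Added example; values marked ASSUMED are not from the thread.
when HTTP_REQUEST {
    # Capture once so both events work from the same values.
    # HTTP::path is used instead of HTTP::uri so a query string cannot break the match.
    set dbg_path    [string tolower [HTTP::path]]
    set dbg_country [whereis [IP::client_addr] country]
    log local0. "geo-debug HTTP_REQUEST client=[IP::client_addr] country=$dbg_country path=$dbg_path"
}

when ASM_REQUEST_DONE {
    # If this line never shows up in /var/log/ltm, the event is not firing:
    # check "Trigger ASM iRule Events" in the security policy.
    set violations [ASM::violation names]
    log local0. "geo-debug ASM_REQUEST_DONE support_id=[ASM::support_id] status=[ASM::status] violations=$violations"

    # Already lowercase, so it compares cleanly against the lowercased path.
    set allowed_path    "/arabic/mediacenter/news/pages/infectious-disease-week.aspx"
    set allowed_country "AW"                 ;# ASSUMED: two-letter code for the exempted country
    set geo_violation   "VIOL_GEOLOCATION"   ;# ASSUMED: verify against the logged names

    # Unblock only this path, only from the exempted country, and only when
    # geolocation is the single violation raised for the request.
    if { $dbg_path eq $allowed_path
         && $dbg_country eq $allowed_country
         && [llength $violations] == 1
         && [lindex $violations 0] eq $geo_violation } {
        ASM::unblock
        log local0. "geo-debug unblocked client=[IP::client_addr] country=$dbg_country path=$dbg_path"
    }
}
```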