F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Johnnyx_304575's avatar
Johnnyx_304575
Icon for Cirrus rankCirrus
Sep 14, 2018

Allow only traffic with specific HTTP header string

Hello - I am wanting to allow only traffic with a specific HTTP header string. Would this be configured in ASM, a iRule, or a combination of both?   -Thanks  
ASM Advanced WAF
security
crodriguez's avatar
crodriguez
Ret. Employee
Sep 14, 2018

You could do this in a iRule alone, if you wanted. Maybe something like this:

when HTTP_REQUEST {
     Check if  value matches ""
    if { [HTTP::header ""] ne "" } {
         Doesn't match? Silently discard traffic... Could reject instead
        drop
    }
}

You can use ASM alone to specify that a particular HTTP header is mandatory, but I'm not aware of any way to make the "mandatory" part drill down to the value of the header as well. It's not that ASM is unable to check header values, just not in this particular context. You can have ASM check for the presence of certain headers and header values and block the traffic, for example.