Allowed URL with Parameter

Question

Hello, everybody,&nbsp;
I have inferential problem.
I have two URLs, one should be allowed and the other should not be allowed.&nbsp;
/prweb/*/!STANDARD?pyActivity= --&gt; allowed&nbsp;
/prweb/*/!STANDARD             --&gt; not allowed&nbsp;
Now the F5 only recognizes the first part as URL and not the parameter.
How can I get it that only the URL with the parameter can be called?&nbsp;
Already entered the parameter at the URL.
But I can call both URLs.&nbsp;
Does anyone have an idea?&nbsp;
Thanks
Udo&nbsp;

stanislas_piro2 · Answer

In ASM, there is no rule to deny url without parameter but only defining allowed parameters...
If you want to do it, you have to write an irule...
when HTTP_REQUEST { 
    if {!([string match [HTTP::path] "/prweb/*/!STANDARD"] &amp;&amp; [HTTP::query] starts_with "pyActivity")} {    
        drop        
    }    
}

You can also do it within a LOCAL TRAFIC POLICY with same logic

andre-germany · Answer

I just built it.&nbsp;
Now I also get an Arlam when calling the page with the parameter.&nbsp;
&nbsp;
&nbsp;

Forum Discussion

Allowed URL with Parameter

Recent Discussions

Help needed with iRule (connection closed log )

AS3 Limitations

Use of SSL Decryption.

VLAN Failsafe Functionality

FTP PASV mode to Extended Passive mode

Related Content

Define allowed character in ASM for JSON parameter

Brute Force protection for single parameter like OTP

Wildcard Parameter signature attack

Parameter Value - Regular Expression

AWAF Path Parameters with OPENAPI json file

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS