Forum Discussion

Nimbostratus

Mar 15, 2019

Allowed URL with Parameter

Hello, everybody, I have inferential problem. I have two URLs, one should be allowed and the other should not be allowed. /prweb/*/!STANDARD?pyActivity= --> allowed /prweb/*/!STANDARD ...

Cumulonimbus

Mar 15, 2019

In ASM, there is no rule to deny url without parameter but only defining allowed parameters...

If you want to do it, you have to write an irule...

when HTTP_REQUEST { 
    if {!([string match [HTTP::path] "/prweb/*/!STANDARD"] && [HTTP::query] starts_with "pyActivity")} {    
        drop        
    }    
}

You can also do it within a LOCAL TRAFIC POLICY with same logic

Forum Discussion

Allowed URL with Parameter

Recent Discussions

What is the meaning is 52% block in WAF

Rundeck ansible F5 errors

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Related Content

Define allowed character in ASM for JSON parameter

Brute Force protection for single parameter like OTP

Wildcard Parameter signature attack

HTTP auth - Calling external API with parameters

AWAF Path Parameters with OPENAPI json file