Forum Discussion
ASM - Block GET requests on a specific URL
- Dec 07, 2015
1 - Creating a new User-defined ASM violation
Security > Options > Application Security > Advanced Configuration > Violations List > User Defined Violations (tab); select "Create New User-Defined Violation"
Sample Field Values (adjust as needed):
    Name: VIOLATION_FORBIDDEN_GET_PATH
    Title: GET Request to a restricted path
    Type: Access Violation
    Severity: Alert
    Attack Type: Abuse of Functionality
    Description: (leave empty)
2 - Go to Blocking Settings
Select Block for your new custom violation (or Alarm, if you want to test transparently)
3 - Creating an iRule
The sample below covers the simplest use case, a single path. With 10 or more paths, an LTM data group match or a switch statement would be a better option.
    when HTTP_REQUEST {
        set reqBlock 0
        if { ([HTTP::method] equals "GET") and ([string tolower [HTTP::path]] equals "/mypath/index.aspx") } {
            set reqBlock 1
        }
    }
    when ASM_REQUEST_DONE {
        if { $reqBlock == 1 } {
            ASM::raise VIOLATION_FORBIDDEN_GET_PATH
        }
    }
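The data group variant mentioned in step 3, written out as an added example; this is not code from the original post. It assumes a string data group named forbidden_get_paths (hypothetical name) holding one restricted path per record, the user-defined violation VIOLATION_FORBIDDEN_GET_PATH from step 1, and a couple of assumed wildcard patterns in a switch -glob fallback for paths a plain string data group cannot express.

```tcl
# Added example, not from the original post. Same logic as the iRule above, but
# the restricted paths live in an LTM string data group ("forbidden_get_paths",
# an assumed name) so new paths can be added without editing the iRule.
# Assumed data group contents (one path per record, lower-case, no query string):
#   /mypath/index.aspx
#   /reports/export.aspx
# tmsh to create it (assumed values):
#   create ltm data-group internal forbidden_get_paths type string \
#       records add { "/mypath/index.aspx" { } "/reports/export.aspx" { } }
# "Trigger ASM iRule Events" must be enabled in the ASM policy, otherwise
# ASM_REQUEST_DONE never fires and no violation is raised.

when HTTP_REQUEST {
    # HTTP_REQUEST runs for every request on a keep-alive connection, so the
    # flag is reset here rather than once per connection.
    set reqBlock 0

    # HTTP::path excludes the query string; decode once and lower-case so that
    # "/MyPath/%69ndex.aspx?x=1" is compared as "/mypath/index.aspx".
    set path [string tolower [URI::decode [HTTP::path]]]

    if { [HTTP::method] equals "GET" } {
        # Exact match against every record in the data group.
        if { [class match $path equals forbidden_get_paths] } {
            set reqBlock 1
        } else {
            # Optional glob patterns (assumed values; drop this block if exact
            # paths are enough). "/admin/*" matches /admin/x but not /admin.
            switch -glob -- $path {
                "/mypath/*.aspx" -
                "/admin/*" {
                    set reqBlock 1
                }
            }
        }
    }

    if { $reqBlock } {
        # Handy while the violation is set to Alarm for transparent testing.
        log local0. "Restricted GET [HTTP::host]$path from [IP::client_addr]"
    }
}

when ASM_REQUEST_DONE {
    if { $reqBlock == 1 } {
        ASM::raise VIOLATION_FORBIDDEN_GET_PATH
    }
}
```

Two caveats worth keeping in mind with this approach. The match is a string comparison done in the iRule, not ASM's normalised view of the request: it decodes percent-encoding once, so double-encoded or dot-segment variants of a path ("/mypath/../mypath/index.aspx") are only caught if the back end does not normalise them further, and a method check of GET alone still lets HEAD through, so add HEAD to the condition if the goal is to hide the resource rather than just its body.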
The "Allowed Methods" entity covers the policy as a whole. As far as I'm aware, no such granularity exists to have exceptions per Path or per URI. This alone is a show-stopper, not to mention the hacks you need to implement to prohibit the GET method in ASM. To achieve what you requested, your best bet is to use an iRule.
The easiest solution would be to drop or reject the request in LTM. A slightly harder solution would be raising a user-defined violation that you define in ASM. This way your users will see the typical ASM blocking page in response. You will still need to use an iRule to raise the violation itself.
Let us know if any help with iRule is needed.