Forum Discussion
0veracl0ud_1734
Nimbostratus
NimbostratusASM - Block GET requests on a specific URL
Hello,
I'm trying hard to block GET request on a specific URL with the ASM module. This URL has to allow only POST request and I saw that GET / POST request are allowed by default in the methods...
1 - Creating a new User-defined ASM violation
Security > Options > Application Security > Advanced Configuration > Violations List > User Defined Violations (tab); Select "Create New User-Defined Violation"
Sample Field Values (adjust as needed): Name "VIOLATION_FORBIDDEN_GET_PATH" Title "GET Request to a restricted path" Type "Access Violation" Severity "Alert" Attack Type "Abuse of Functionality" Description (leave empty)2 - Go to Blocking Settings
Select Block for your new custom violation (or Alarm, if you want to transparently test)
3 - Creating an iRule
The sample below covers the most simple use-case, a single path. In case of 10 or more paths, using a LTM data group entry match, or a switch statement would be a better option.
when HTTP_REQUEST { set reqBlock 0 if {([HTTP::method] equals "GET") and ([string tolower [HTTP::path]] equals "/mypath/index.aspx")}{ set reqBlock 1 } } when ASM_REQUEST_DONE { if { $reqBlock == 1} { ASM::raise VIOLATION_FORBIDDEN_GET_PATH } }
0veracl0udNimbostratus
NimbostratusThank you for your answer !
I assume that with LTM the iRule will look at that :
Code
when HTTP_REQUEST {
if {([HTTP::method] equals "GET") and ([HTTP::uri] equals "/mypath/index.aspx")}{
drop
}
}But, I'm new with the ASM module. I'm not sure how to implement the iRule to get an ASM blocking response page...
