ASM - how to protect a dynamic web pages

Question

Hi
1. I face a problem with a dynamic pages 
since I have a website with an html editor
then any user can add pages and upload files.&nbsp;
This cause URL rewriting problem. This mean that I
 don't have just static URLs.
How to protect this pages and how to add them to the allowed URLs.&nbsp;
Thanks&nbsp;

samstep · Answer

Hi Majda, you can use wildcard URLs for the dynamic pages - find out what pattern these pages have (.e.f /content/page.blah) and create a wildcard URL in your policy based on this pattern.&nbsp;
Hope this helps,
Sam&nbsp;

majda_wazzan_18 · Answer

Thanks samstep
I'll explain more&nbsp;
The members of the website uses the HTML editor 
to create new webpages, and they can upload files
so I don't know what is the URL because it is generated
automatically.
for the wildcards: yes I use them for the static URLs&nbsp;
Thanks for replying&nbsp;

samstep · Answer

Hi Majda, of course you would not see the actual URL as it can be anything, but there will always be a base URL you can use for a wildacrd. &nbsp;
For example - have a look at the URL of this page - it is dynamic as well! You named your question "ASM - how to protect a dynamic web pages" and DevCentral has created a URL: https://devcentral.f5.com/questions/asm-how-to-protect-a-dynamic-web-pages which is a dynamic URL.&nbsp;
However as you can wee the base URL is /questions/ so in ASM policy for DevCentral there is a WildCard URL: /questions/* - you can do the same in your policy.&nbsp;
Sam&nbsp;

majda_wazzan_18 · Answer

Hi samstep&nbsp;
I try to access the following:
https://devcentral.f5.com/questions/*&nbsp;
and I got the following error message : 
The requested URL was rejected. Please consult with your administrator.
Your support ID is: 18396158700765954698&nbsp;
this mean that using * is not acceptable in these cases, 
because using this wildcard brings many security concerns.&nbsp;
Thanks&nbsp;

samstep · Answer

Hi Majda, you clearly misunderstood the wildcard concept - these are not real URLs you can access in the browser, but in your ASM policy. "" when use din your F5 ASM policy means "any URL". When "" used in a URL you access with your  browser it will not work - it is a disallowed meta-character and is rightfully blocked.&nbsp;
It appears that you are lacking training in F5 ASM. I highly recommend that you take an F5 ASM training course to gain understanding about web applications and how to protect them from attacks using F5 ASM module. Information about F5 ASM training course is available here:&nbsp;
https://f5.com/education/training/courses/configuring-big-ip-asm-v11-application-security-manager&nbsp;

Forum Discussion

ASM - how to protect a dynamic web pages

6 Replies

Win Big in Vegas: The iRules Contest is back with $5k on the line at AppWorld 2026

Jürgen - February 2026 Featured Member

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Random TCP Resets from F5

Base64 decoding issue (JSON request)

F5 i-series Guests to r-series tenants migration

Block specific URL's in APM

Sizing calculation storage

Related Content

Runtime API Security: From Visibility to Enforced Protection

L7 DoS Protection with NGINX App Protect DoS

F5 API Security: Discovery and Protection

Cookie-based DDoS protection

Beyond REST: Protecting GraphQL

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS