For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Amine_373499's avatar
Amine_373499
Icon for Nimbostratus rankNimbostratus
Dec 24, 2018

ASM : Allow specific tricky URL

Good morning all , Well i have to URL that are driving me crazy and i cannot figure out the best way to allow : first one : /email/id_user/user@outlook.com ==> trigger violation of file ty...
ASM Advanced WAF
iRules
security
DaveMu_375542's avatar
DaveMu_375542
Icon for Nimbostratus rankNimbostratus
Dec 24, 2018

As to your first question, you could add each of those top level domains to the Allowed File Types. Each violation in the ASM logs should also allow you to learn them individually. If that's impractical for you, you could also write an iRule. It could say something like, IF the URI starts with "/email/id_user/", AND triggers a File Type Violation, it should be UNBLOCKED, but any other violations should remain BLOCKED.

 

DaveMu_375542's avatar
DaveMu_375542
Icon for Nimbostratus rankNimbostratus
Dec 27, 2018

You can allow that regular expression in Application Security > Parameters > Parameters List. Create a new Explicit parameter, select "URL" for Parameter Level and enter your path. You can then enable the regular expression in the DataType tab. "enable" the check box and add your expression.

 

Here's a good intro to how iRules works, but I think the following should unblock any request that starts with "/email/id_user/" and also triggers a filetype violation.

 

if { ([HTTP::uri] starts_with "/email/id_user/") and ([ASM::violation names] equals [VIOLATION_OBJ_TYPE]) } { 
    [ASM::unblock]
   }

I hope this helps!