Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Srj73's avatar
Srj73
Icon for Altostratus rankAltostratus
Apr 03, 2026

ASM allow specific url from outside country of geolocation ON

Team, we have asm policy in blocking mode and Geolocation is ON. There is requirement that we have to allow specific url's for the country which is blocked by geolocation. how we can do this ?
asm
security
waf
deshantha's avatar
deshantha
Icon for Employee rankEmployee
May 29, 2026

There is no procedure like "ASM::geo_disable" in current BIG-IP ASM implementations. Best way to handle this would be to create a cloned security policy with geolocation enforcement changed according the requirement and use that with the requests to specific URL.

 

Example:

when HTTP_REQUEST {
    if { [string tolower [HTTP::path]] eq "/your-specific-url" } {
        ASM::enable /Common/policy_without_geolocation
    }
}

Alternatively, you can use an ltm traffic policy to achieve the same.

Example:

If you plan to use this:

You will first need to disable the application security policy from the virtual server:security > policies tab as we will be manipulating security policy manually using an ltm traffic policy later. This will also remove the automatically created asm_auto ltm traffic policy from the virtual server.

Once the newly created ltm policy with asm manipulation attached to the virtual server, if you come back to this section, it will reflect here.

Always try to use ltm traffic policies rather than an iRule whenever possible as iRules consume more resources. Hope this helps.