Forum Discussion

Jad_Tabbara__JT's avatar
Jad_Tabbara__JT
Icon for Nimbostratus rankNimbostratus
May 30, 2017

ASM disable Attack Signatures checks for a specific URL

Hello,

 

Is it possible to disable Attack Signature checks for a specific URL and to let the ASM act normally for others.

 

Example :

 

/aaa/bbb/ccc => do not check for Attack Signature

 

/* => act normally

 

Thanks for helping

 

application delivery
ASM Advanced WAF
BIG-IP
security
  • Erik_Novak's avatar
    Erik_Novak
    Icon for Employee rankEmployee
    May 31, 2017

    You can disable attack signatures for a specific parameter on the properties screen for the parameter...

     

  • Jad_Tabbara__J1's avatar
    Jad_Tabbara__J1
    Icon for Cirrostratus rankCirrostratus
    Jun 01, 2017

    Thanks for your answers.

     

    Finally I have done like that :

     

    1) I created a new "Wildcard URL" /aaa/bbb/ccc/*

     

    2) Then from "Parameters" I created a new wildcard (*) parameter on URL level

     

     

  • Ashwin_Venkat's avatar
    Ashwin_Venkat
    Icon for Employee rankEmployee
    Jun 21, 2017

    The ability to disable/enable attack signatures on a per-URL basis was introduced as a feature only in v13. Therefore, in v13 and above, you can create the URL as an Allowed URL (Explicit or Wildcard) and then configure the Overridden Security Policy settings within the Attack Signature tab for that URL.

     

    In all versions prior to that, you can only make this exception on the parameter level or else it'll need to be done globally for that policy. One other option, for these pre-13.x versions, would be to use the ASM::unblock iRule event.

     

    These two links gives more insight regarding these iRule events:

     

    https://devcentral.f5.com/wiki/iRules.ASM__unblock.ashx https://devcentral.f5.com/wiki/irules.asm__violation_data.ashx