For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Jad_Tabbara__JT's avatar
Jad_Tabbara__JT
Icon for Nimbostratus rankNimbostratus
May 30, 2017

ASM disable Attack Signatures checks for a specific URL

Hello,   Is it possible to disable Attack Signature checks for a specific URL and to let the ASM act normally for others.   Example :   /aaa/bbb/ccc => do not check for Attack Signature ...
application delivery
ASM Advanced WAF
BIG-IP
security
Ashwin_Venkat's avatar
Ashwin_Venkat
Icon for Employee rankEmployee
Jun 21, 2017

The ability to disable/enable attack signatures on a per-URL basis was introduced as a feature only in v13. Therefore, in v13 and above, you can create the URL as an Allowed URL (Explicit or Wildcard) and then configure the Overridden Security Policy settings within the Attack Signature tab for that URL.

 

In all versions prior to that, you can only make this exception on the parameter level or else it'll need to be done globally for that policy. One other option, for these pre-13.x versions, would be to use the ASM::unblock iRule event.

 

These two links gives more insight regarding these iRule events:

 

https://devcentral.f5.com/wiki/iRules.ASM__unblock.ashx https://devcentral.f5.com/wiki/irules.asm__violation_data.ashx