For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Stefan_Klotz_85's avatar
Stefan_Klotz_85
Icon for Cirrus rankCirrus
Dec 21, 2015

ASM disable violations just for specific requests

During creation and fine-tuning of an ASM-policy (based on manually Rapid Deployment) we found lots of valid requests, which trigger for example an Attack Signature or RFC compliances checks. But ins...
ASM Advanced WAF
security
waf
Jinshu's avatar
Jinshu
Icon for Cirrus rankCirrus
Dec 21, 2015

Here you go..

Local Traffic > Policies > asm_l7_policy_whatever.website.com > under Rules click on Add, give it a name, like policy_whitelist, operand: http-uri (leave rest of fields default) > condition: choose equals/contains/etc, value = your URI, click add, then click the Add further down where operand/event/etc is located.

In the Actions area, target > asm, action > disable. Click Add where target/event/etc are. and Finished.

Then once back at the main policy page, do a re-order and move the policy_whitelist you created above default, so it will disable on the URI string prior to hitting the default ASM enable.. once you done this once or twice, pretty simple and can be used a lot.

Below Irule also does the same. If you are applying Irule please ignore the above section.

when HTTP_CLASS_SELECTED { 
ASM::enable 
if { [HTTP::uri] starts_with "/sites/pentest/" } { 
ASM::disable 
} 
}

-Jinshu