Forum Discussion
NimbostratusASM Policy Allow file type only for specific URL
ASM Newbie Question. Policy learning is offering option to allow file type. I want to allow, but not for entire application but only for specific URL. I did not see option to specify under Application Security - File Types or Allowed URL, but I could be missing something. Any suggestions?
Ashwin_VenkatEmployee
We don't have a feature that lets you allow a file type only for a specific URL. As an alternative approach, you can use the ASM::unblock iRule command to unblock any request that gets blocked as a result of containing this particular file type that needs to be allowed for a URL.
For example, if "aspx" is the file type you want to allow only for a particular URL and that URL is, say, /index.aspx, then you can use an iRule similar to the following to have ASM unblock the request that it blocked in the first place (with 'Illegal File Type'):
when ASM_REQUEST_DONE { if {[ASM::violation names] contains "VIOLATION_OBJ_TYPE" and [string tolower [HTTP::uri]] contains "/index.aspx"} { ASM::unblock log local0. "ASM unblocking [HTTP::uri]" } }Make sure you have 'Trigger ASM iRule Events' option enabled for the relevant policy under Security Policy Properties section to ensure ASM iRule events get triggered.
For more info: https://devcentral.f5.com/wiki/irules.asm__violation_data.ashx https://devcentral.f5.com/wiki/irules.asm__unblock.ashx https://devcentral.f5.com/wiki/iRules.ASM_REQUEST_DONE.ashx
Stanislas_Piro2Cumulonimbus
Hi,
File type filters on extension of the URL.
If you want to allow only CSS file type in folder /css/, define the following wildcard URL:
/css/*.css