For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Check1t_282465's avatar
Check1t_282465
Icon for Nimbostratus rankNimbostratus
Dec 13, 2017

ASM Policy Allow traversal detection evasion only for specific URL

Our application is flagging legitimate requests for directory traversals. Learning option is to allow for application. Is it possible to allow for just one URL? For example, if I were to create a ...
ASM Advanced WAF
security
Ashwin_Venkat's avatar
Ashwin_Venkat
Icon for Employee rankEmployee
Dec 14, 2017

Starting in v13, it is possible to make granular enabling/disabling of signature checks on a per-URL basis. In this case, if the URL in question is, say, /index.html, then you can create that as an Allowed URL and disable the signature check for Directory Traversal using the Overridden Attack Signature settings within this URL.

 

If you wish to achieve this via an iRule, it can be done using the ASM::signature command and that's only been introduced in v13: https://devcentral.f5.com/wiki/iRules.ASM__signature.ashx

 

If you are running a version prior to v13, you can use ASM::unblock command to unblock a request that's been blocked with 'Attack signature detected' violation. However, you can't unblock a request when it's been blocked specifically with a particular Signature ID.