For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Brandon's avatar
Brandon
Icon for Cirrostratus rankCirrostratus
Jun 28, 2023

ASM Policy

  Uri    /abt/color/blue/* So the  /abt/color/blue/  will always be the same.              When I do the wild card, will it match something below.  I have a back slash and additional wildcards. F...
application delivery
security
JRahm's avatar
JRahm
Icon for Admin rankAdmin
Jun 28, 2023

Hi Brandon, I think this regex will work for what you're trying to do:

/abt/color/blue(/|$)(.*)

This should match /abt/color/blue and /abt/color/blue/ and /abt/color/blue/and/red/and/whatever but not /abt/color/blueandredandwatever.

gersbah's avatar
gersbah
Icon for Cirrostratus rankCirrostratus
Jul 04, 2023

Wait, since when does ASM support regex for URLs? Last I checked it was limited to a basic wildcard syntax.

  • JRahm's avatar
    JRahm
    Icon for Admin rankAdmin
    Jul 10, 2023

    Good call gersbah, in looking into the ASM-specific support for URL, regex is indeed not supported.

    Brandon I removed my answer as a solution. That said, you might investigate using an iRule (shown below) or a local traffic policy to do the same...you could inspect the URL in the HTTP_REQUEST event and check your URL with regex, or simplify to just test your URL string with something like:

     

    if { ( [string tolower [HTTP::uri]] eq "/abt/color/blue" ) || 
     ( [string tolower [HTTP::uri]] starts_with "/abt/color/blue/" ) } {
        # do allowed stuff here...
else { # take corrective action here, like raise an ASM violation }

     

    Note that if you have other approved URLs with starting patterns, you'd need to handle that logic as well, this is specific to this use case.