Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Brandon's avatar
Brandon
Icon for Cirrostratus rankCirrostratus
Jun 28, 2023

ASM Policy

  Uri    /abt/color/blue/* So the  /abt/color/blue/  will always be the same.              When I do the wild card, will it match something below.  I have a back slash and additional wildcards. F...
application delivery
security
JRahm's avatar
JRahm
Icon for Admin rankAdmin
Jun 28, 2023

Hi Brandon, I think this regex will work for what you're trying to do:

/abt/color/blue(/|$)(.*)

This should match /abt/color/blue and /abt/color/blue/ and /abt/color/blue/and/red/and/whatever but not /abt/color/blueandredandwatever.

gersbah's avatar
gersbah
Icon for Cirrostratus rankCirrostratus
Jul 04, 2023

Wait, since when does ASM support regex for URLs? Last I checked it was limited to a basic wildcard syntax.

  • JRahm's avatar
    JRahm
    Icon for Admin rankAdmin
    Jul 10, 2023

    Good call gersbah, in looking into the ASM-specific support for URL, regex is indeed not supported.

    Brandon I removed my answer as a solution. That said, you might investigate using an iRule (shown below) or a local traffic policy to do the same...you could inspect the URL in the HTTP_REQUEST event and check your URL with regex, or simplify to just test your URL string with something like:

     

    if { ( [string tolower [HTTP::uri]] eq "/abt/color/blue" ) || 
     ( [string tolower [HTTP::uri]] starts_with "/abt/color/blue/" ) } {
        # do allowed stuff here...
else { # take corrective action here, like raise an ASM violation }

     

    Note that if you have other approved URLs with starting patterns, you'd need to handle that logic as well, this is specific to this use case.