Forum Discussion

Nimbostratus

Nov 29, 2012

ASM URL Flows

i have 2 servers behing WAF : https://ebanking.bank.com/group/ & https://estatement.bank.com/group/retail/1 server 2 has accounts details , for example the below URL show users account de...

app sec

BIG-IP Access Policy Manager (APM)

security

nathe

Cirrocumulus

Jan 30, 2013

Sachin - have you tried using the URL flows and it hasn't worked? Could you supply more details of your issue so we can look to help, e.g. ASM version, errors you may have.

I know you could always create an iRule with a referrer check so unless it's come from the correct referrer host then you could block access - this would stop people popping it straight into the browser bar. Of course the referrer header can be spoofed so this wouldn't be fool proof.

What about once a user is logged in you set a cookie in the response - again you could, via an iRule check for this cookie and only allow if it's there.

Hope this helps but get back with more info if not.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)