Forum Discussion
ASM Wildcard in the middle of the URL
Right, I've tested this and it does indeed work.
To expand on the above, the application we are protecting uses REST API calls. A client, as part of its request, sends through an ID in the URL. The ID is unique to each client, and with potentially thousands of clients, must be dealt with using a wildcard.
However, there are other calls the client can make that also require sending the ID, but appended is another folder/service. For example:
Call 1 from client = [HOST]/account/
Call 2 from client = [HOST]/account//product
Not sure if this is possible but can we have it so that we can wildcard the first call, e.g. '/account/*' & thus take care of the unique IDs in the requests, but also ensure that should a client request anything past the 'product' service, get blocked? So for example a client requesting the following would be blocked:
[HOST]/account//product/someotherservice
Initial thoughts suggest no, this isn't possible because the wildcard (/account/*) would mean that literally anything past 'account' would be permitted. Just trying to understand the art of the possible here.
Thank you.
CumulonimbusHello Delvin,
I know that in your situation ASM is mandatory. But in some case you want just restrict URI Access. You just have to know that your Irule, (HTTP_REQUEST event ) is executed before ASM. So In addition to your ASM Policy you can create and assign an Irule to your service in order to restrict some URI:
Below a simple example. I could not test it.
when HTTP_REQUEST {
if { ([HTTP::uri] starts_with "/account/" && ([string match "\/account\/[^\/]+" [HTTP::path]] || [string match "\/account\/[^\/]+\/product" [HTTP::path]]) } {
Pass
} else {
reject
}
}
Regards
