Forum Discussion
NimbostratusBlock a specific URL that only ends with a specific keyword
Hello,
is it possible to block a specific URL (https based) that ENDS only with a specific keyword?
for example if I have a domain example.com and I want to only block: https://example.com/Logon and https://example.com/Logon/login
But at the same time I want any URL that CONTAINS the keyword Logon or login not to get blocked too.
for example: https://example.com/Logon/login?service=
so I can have the below results: https://example.com/Logon[BLOCK] https://example.com/Logon/login [BLOCK] https://example.com/Logon/login?service=[ALLOW]
Thank you,
2 Replies
Stanislas_Piro2Cumulonimbus
Try that:
In the URL : https://example.com/Logon/login?service=
- HTTP::host is example.com
- HTTP::path is /Logon/login
- HTTP::query is service=
- HTTP::uri is /Logon/login?service=
.
when HTTP_REQUEST { switch -glob [string tolower [HTTP::path]] { "*/logon" - "*/logon/login" { if {[HTTP::query] equals ""} { HTTP::respond 404 content { Access denied Access denied } noserver return } } }
samstepCirrocumulus
Your requirement is not quite clear.
Do you actually need to block URLs with specific keywords like "Logon" or just any URLs which don't have any parameters?
If you just need to block the URL without parameters you can simply make the parameters mandatory on wildcard URLs:
"*/Logon" "*/Logon/login"and block if mandatory parameters are missing (e.g. parameter named "service" as per your example)
Another way is to create a custom ASM signature - refer to SOL15241:
https://support.f5.com/kb/en-us/solutions/public/15000/200/sol15241.html
Hope this helps, Sam
