For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

iRule's avatar
iRule
Icon for Cirrus rankCirrus
Mar 12, 2023

Block access to one specific URL containing a keyword from ASM

Dear Support,

Using ASM, I need to block access to one specific URL if request contains a keyword  "KHTML". All other URLs requsts containing "KHTML" should not be blocked.

Kindly support in this regards

 

application delivery

1 Reply

  • Daniel_Wolf's avatar
    Daniel_Wolf
    Icon for MVP rankMVP
    Mar 12, 2023

    Hi iRule,

    yes, that's possible. One way to achieve this would be:

    1. Create an Attack Signature that looks for .khtml in the query string and assign it to the ASM policy.

    2. Create a wildcard URL where you want to block the khtml extension, like /subfolder1/*, in the allowed URLs.

    3. Add the Signature to your ASM policy.
    4. Create an exception for any URL, not use the attack signature. In my example, I created an exception for the wildcard (*) URL.

    This way the block-khtml Attack Signature will only be applied to the Allowed URL you created.

    KR
    Daniel