Block access to one specific URL containing a keyword from ASM

Hi iRule,

yes, that's possible. One way to achieve this would be:

1. Create an Attack Signature that looks for .khtml in the query string and assign it to the ASM policy.

2. Create a wildcard URL where you want to block the khtml extension, like /subfolder1/*, in the allowed URLs.

3. Add the Signature to your ASM policy.
4. Create an exception for any URL, not use the attack signature. In my example, I created an exception for the wildcard (*) URL.

This way the block-khtml Attack Signature will only be applied to the Allowed URL you created.

KR
Daniel