Forum Discussion

Nimbostratus

Jan 07, 2018

Block one type request

Dear All, I would like to block one attack signature if it contains uniq request type on F5-ASM, without any traffic learning. For example: I have a request from multi type IPs. I would lik...

Cumulonimbus

Jan 08, 2018

You can define an ASM user defined violation and raise it if condition meet.

when HTTP_REQUEST {
  set reqBlock 0
  if { ([string tolower [HTTP::uri]] contains "/example" ) 
     && ( [IP::addr [IP::client_addr] equals x.x.x.0/24] ) } {
    set reqBlock 1
  }
}   
when ASM_REQUEST_DONE {
  if { $reqBlock == 1} {
    ASM::raise VIOLATION_FORBIDDEN_URL
  }
}

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Block one type request

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

Could not communicate with the system. Try to reload page.

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

Application Programming Interface (API) Authentication types simplified

Block requests by reverse DNS record

Service Extensions with SSL Orchestrator: Advanced Blocking Pages

Block Referral Requests

Beware, your logs - how blocked log4shell, Spring4Shell etc requests can still lead to compromise

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS