Blocking URI

Question

Hello&nbsp;
I need to block a URI /example.ashx?f=WXR&amp;auser=1134&nbsp;
i created a custom violation called VIOLATION_FORBIDDEN and created the below iRule and apply it on the VS. But it is not working, and in the security event logs i am able to see this URI as legal request. 
But when i write in the iRule /example.ashx?f it is stopping it but other function on the applications are stopped too, so this is not a solution.&nbsp;
Any idea?&nbsp;
when HTTP_REQUEST {
  set reqBlock 0
  if {([string tolower [HTTP::uri]] contains "/example.ashx?fn=WXR&amp;auser=1134")}  {
  set reqBlock 1
  }
}&nbsp;
when ASM_REQUEST_DONE {
  if { $reqBlock == 1} {
    ASM::raise VIOLATION_FORBIDDEN
  }
}&nbsp;

lee_sutcliffe · Answer

you are using string tolower but comparing it against a string that has upper case characters. 
Try changing to this:
if {([string tolower [HTTP::uri]] contains "/example.ashx?fn=wxr&amp;auser=1134")} {

jesse_green_347 · Answer

This is great and something I think I can use however I need help adding logic to allow the URI above if client IP is a private range. example 10.x.x.x/8 allow internal users to the URI, if not in range raise to violation forbidden? Any Suggestions?

Forum Discussion

Blocking URI

Recent Discussions

ports are showing open on online scanning tool

Upgrade F5 BIGIP

DNS HM Probe issue

Is XFF a must for ASM WAF DoS

Switch ssl profile based on weak cipher detection via IRULE

Related Content

Post of the Week: Blocking a Specific URI

Response and blocking page

MS Exchange ProxyNotShell block implemented via iRules

allow one url from blocks geolocation

Block Log4j with use of IOCs

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS