Blocking URI

Question

Hello&nbsp;
I need to block a URI /example.ashx?f=WXR&amp;auser=1134&nbsp;
i created a custom violation called VIOLATION_FORBIDDEN and created the below iRule and apply it on the VS. But it is not working, and in the security event logs i am able to see this URI as legal request. 
But when i write in the iRule /example.ashx?f it is stopping it but other function on the applications are stopped too, so this is not a solution.&nbsp;
Any idea?&nbsp;
when HTTP_REQUEST {
  set reqBlock 0
  if {([string tolower [HTTP::uri]] contains "/example.ashx?fn=WXR&amp;auser=1134")}  {
  set reqBlock 1
  }
}&nbsp;
when ASM_REQUEST_DONE {
  if { $reqBlock == 1} {
    ASM::raise VIOLATION_FORBIDDEN
  }
}&nbsp;

lee_sutcliffe · Answer

you are using string tolower but comparing it against a string that has upper case characters. 
Try changing to this:
if {([string tolower [HTTP::uri]] contains "/example.ashx?fn=wxr&amp;auser=1134")} {

jesse_green_347 · Answer

This is great and something I think I can use however I need help adding logic to allow the URI above if client IP is a private range. example 10.x.x.x/8 allow internal users to the URI, if not in range raise to violation forbidden? Any Suggestions?

Forum Discussion

Blocking URI

2 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

2026 is Almost Here

VIP is not responding on SYN after enabling other modules like ASM, APM and AFM.

VIP in https that redirect to another vip in https

2026 301a exam

F5OS login with admin/root failed via console

Related Content

Service Extensions with SSL Orchestrator: Advanced Blocking Pages

Post of the Week: Blocking a Specific URI

Block IP after a number of ASM Blocks

Massive DDoS, DanaBot Dismantled, Scraped Discord Messages and Signal Blocks Windows Recall

Block traffic

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS