Forum Discussion

Mike_Maher's avatar
Mike_Maher
Icon for Nimbostratus rankNimbostratus
Sep 07, 2017

Custom Attack Signature to block request with No UA or Referer

I want to be able to check and see if the request is missing both the User-Agent String and the Referer, and possibly block the request. So I know I can do this with an iRule, but I am wanting to tr...
ASM Advanced WAF
attack signatures
security
nag_54823's avatar
nag_54823
Icon for Cirrostratus rankCirrostratus
Sep 11, 2017

Hi Mike,

I'm not sure if it's possible to attach mandatory header conditions per URL. But you can whitelist if an URI is blocked because of MISSING MANDATORY HEADER. You can use below irule. Make sure Trigger ASM iRule Events is enabled in Policy.

1) create a DG for hosts that need to whitelist 2) create a DG for URI that need to whitelist

    when ASM_REQUEST_DONE {

if { [ class match [HTTP::host] equals host_dg ] and [string tolower [HTTP::uri]] contains "uri_dg" and ([ASM::violation_data] contains "VIOLATION_MISSING_MANDATORY_HEADER" ) } { ASM::unblock } }