Forum Discussion

Mark_22062

Nimbostratus

Aug 26, 2013

Custom Signature in ASM

I am trying to create a custom signature that detects a number of Nuisance URLs that are being thrown at our site, but am having a few issues with the syntax of the rule. I've read through the ASM s...

Nimbostratus

Aug 26, 2013

Hi Ido, That isn't really practical as the URLs being requested are fairly random but all contain the http keyword or some other keywords we would never use. I had generated an irule that seemed to do the trick but was looking at using ASM to implement instead. The irule I used was in conjunction with a string datagroup. when HTTP_REQUEST { set uriclass "MalURI[URI::basename [virtual name]]" Check that URI is sanitised set luri [string tolower [HTTP::uri]] if { [class match $luri contains $uriclass] } { HTTP::respond 200 content "Company Name\Naughty Naughty" log local0. "URI is $luri" } }

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Custom Signature in ASM

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

ASM Custom Signatures, oh my!

F5 AWAF/ASM Bot protection custom signature does not allow the traffic

Customized Bot Signature not working

Live Update- ASM attack signatures

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS