Email Addresses as part of URL?

Question

I have a customer that is using email addresses as part of a URL path.  This causes a few issues with file types, requiring me to allow things like .com (which I would prefer to block as executable). &nbsp;
What is the best way to approach this issue?&nbsp;

yoann_le_corvi1 · Answer

Hi&nbsp;
What I have used in the past for that is the ASM::unblock&nbsp;
With a more precise regex, match the URL with email addresses (send us an example if you want I'll try to help with the regex 🙂 ), and for thos URL, if a violation of type ILLEGAL FILE TYPE is triggered then unblock it.&nbsp;
An exemple in my code :&nbsp;
if { $uri starts_with "/app/rpc"} {
    if { $asmviolation equals "VIOLATION_ATTACK_SIGNATURE_DETECTED"  || $asmviolation equals "VIOLATION_METACHAR_IN_DEF_PARAM"} {
        log local0. "DEBUG!! ASM EXCEPTION - ALLOW $uri - VIOLATION : $asmviolation"
        ASM::unblock
        }
}

You can also group your exceptions regex in a datagroup.&nbsp;
Hope this helps.&nbsp;

Forum Discussion

Email Addresses as part of URL?

Recent Discussions

ASM Export JSON - size Limit ?

Can i apply ddos profile on virtual server using port range

I used the wrong email account when take Application Delivery Exam (101)

F5 iControl REST API - viewBy Parameter Issue in Analytics Report

'F5 rules for AWS WAF' ruleset not working for jsp web shell attack

Related Content

Transparent load balancing in Azure, Part 2

Certificate Expiry Email alert configuration

F5 Automation with PowerShell - Part 1

SkyNet Is Coming For Email First... Thankfully!

Understanding Modern Application Architecture - Part 1

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS