Forum Discussion
m1k3_56519
Nimbostratus
Nimbostratusexclude some paths from signature based ASM
Hello guys,
is it possible to exclude some paths from signature based ASM? For example I've enabled the ASM module for the host www.asm.com and I would like to exclude the path www.asm.com/admin. Is this possible?
thx
hoolioCirrostratus
Hi,
I think you'd need to create a second HTTP class with a URI filter for /admin and use a separate policy with customized attack signatures. You'd want to add the admin HTTP class at the top of the list of classes on the VIP to ensure /admin requests would match that class and all others would go to the default class and corresponding policy.
Aaron
Don_22992I have the same issue, but was wondering if there are any examples of such a customized attack signature.
In the iRule forum, there are several threads on how to block access to certain pages of a virtual server. For example, we want to allow access to
http://my.domain.com/login
http://my.domain.com/report
etc...
...and want to block access to:
http://my.domain.com/webconsole
Several of the forums mention that to completely block undesired pages, ASM is a better tool to use. Specifically, it implies that ASM would be able to block several different forms of accessing the page maliciously, such as:
http://my.domain.com/%77%65%62%63%6F%6E%73%6F%6C%65
http://my.domain.com/report/../webconsole
etc...
Note that while /webconsole is used as an example, there is a set of such paths. Is there an ASM article to which I can refer that explains specifically how to create a custom ASM signature for this case?- hoolio