Nov 07, 2021

Exclude WAF for a particular URI

Hi Experts,


I have a requirement to exclude WAF for all URIs that include api/mobile. WAF should function normally for other URLs/URIs.


Any guidelines on how to achieve this via HTTP policy or iRules?

    I think you could achieve your goal with a Local Traffic Policy for ASM. This KB article will provide guidance:


    I can imagine a simple policy like this:


    Match all of the following conditions:

    HTTP URI path contains "api/mobile" at request time

    Do the following when the traffic is matched:

    Disable ASM at request time
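
The question also asks about iRules. The following is an added example, not part of the original thread, showing an iRule that applies the same rule as the policy above. The ASM policy name `/Common/asm_policy_example` is a placeholder, and the iRule assumes the virtual server already has an ASM policy attached.

```tcl
# Added example (not from the original thread).
# Assumption: /Common/asm_policy_example is a placeholder for the name of
# the ASM security policy attached to this virtual server.
when HTTP_REQUEST {
    # HTTP::path excludes the query string, so "api/mobile" appearing only
    # in a parameter value does not switch ASM off.
    if { [HTTP::path] contains "api/mobile" } {
        # Same condition as the policy rule above: skip ASM for this request.
        ASM::disable

        # Record every bypass so excluded traffic stays visible in
        # /var/log/ltm. On a busy API, sample or remove this line.
        log local0.info "ASM bypass: [IP::client_addr] [HTTP::method] [HTTP::path]"
    } else {
        # Enable ASM explicitly for everything else, so a later request for
        # a different URI on the same keep-alive connection is inspected.
        ASM::enable /Common/asm_policy_example
    }
}
```

`contains` matches the string anywhere in the path. If the mobile API lives under one fixed prefix, `starts_with "/api/mobile/"` keeps the exclusion limited to that prefix.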