Forum Discussion

Icon for Cirrus rank

Cirrus

Nov 07, 2021

Exclude WAF for a particular URI

Hi Experts,

I have a requirement to exclude WAF for all URI's that include api/mobile. WAF should function normally for other URL/URI's

Any guidelines on how to achieve this via HTTP policy or irules.

ASM Advanced WAF

Erwin_de_Brouwer
Nimbostratus
Nov 07, 2021
Hi Danish,
I think you could achieve your goal with Local Traffic Policy for ASM. This KB article will provide guidance:
https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-11-5-0/41.html

I can imagine a simple policy like this:

Match all of the following conditions:
HTTP URI path contains "api/mobile" at request time
Do the following when the traffic is matched:
Disable ASM at request time

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming