Forum Discussion

Nimbostratus

Jul 09, 2025

Solved

F5 XC and Service Policy/HTTP path

Hi Team, We are migrating some ASM policies to the XC platform. However, the customer has a long list of URLs allowed by the ASM policy. I understand that the Service Policy on XC is the functional...

Nikoolayy1
Jul 10, 2025
Yes that is the limit in a XC service policy rule just make more rules in the same service policy with allow action each having 16 urls. Make one 1 default deny rule at the end. You can use "Next policy" action if you want other checks like geolocations etc. in a service policy after this one. Make certain to have allow all policy at the end if you are chaining multiple policies.

Keep in mind that a wildcard url for example /test/* is migrated with the service policy prefix match option. If the wildcard it at the start */test/ use suffix match and if it is in the middle then regex match will be needed like /te.*st/

Also this is a static feature and I recommend checking XC API discovery/protection that will learn the allowed URL API paths.

Nikoolayy1

MVP

Jul 10, 2025

Yes that is the limit in a XC service policy rule just make more rules in the same service policy with allow action each having 16 urls. Make one 1 default deny rule at the end. You can use "Next policy" action if you want other checks like geolocations etc. in a service policy after this one. Make certain to have allow all policy at the end if you are chaining multiple policies.

Keep in mind that a wildcard url for example /test/* is migrated with the service policy prefix match option. If the wildcard it at the start */test/ use suffix match and if it is in the middle then regex match will be needed like /te.*st/

Also this is a static feature and I recommend checking XC API discovery/protection that will learn the allowed URL API paths.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

F5 XC and Service Policy/HTTP path

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Does F5 Rules for AWS WAF - Common Vulnerabilities & Exposures Mitigate Log4J vulnerabilities

Credentialed Scanning - F5OS - Rseries

WebSocket connection to 'wss://...' failed: Invalid frame header

f5 asm reporting aggregate

rSeries 4600 additional Core Enable

Related Content

SSL Orchestrator Service Extensions: DoH Guardian

Community Learning Path: Multi-Cloud Networking

Cross Site Scripting (XSS) Exploit Paths

Double Trouble: Multiple Controllers Handling the Same Kubernetes LoadBalancer Service

SSL Orchestrator Service Extensions: User Coaching

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS