Filter Specific ajax requests under a URL and grant access accordingly

Question

Hi All,&nbsp;
I have special requirement for the ASM to check on "xyz" parameter and only grand access to the web server if the value of the parameter is mapmap or xy_get_data.&nbsp;
I created the parameter under parameters and linked it to the specific URL, enable blocking on the blocking page. However, i am not able to know where i can specify the values mapmap or xy_get_data.&nbsp;
Thanks in advance.&nbsp;
Regards&nbsp;
Hussein&nbsp;

arnaud_lemaire · Answer

Hello Hussein,&nbsp;
i'm not sure ASM is really able to do that. what you could implement :&nbsp;
a LTM policy to allow or reject based on the presence of this parameteran irule doing the same with the possibility to trigger an asm violation in this casea signature in ASM (but i'm not sure if with can implement negative matching)

samstep · Answer

If your parameter is only allowed to have two permitted values create it as a static parameter type in your policy and add your allowed values as static values. Make sure "Allow Empty Value" is un-ticked. Make sure your policy is blocking on violation: "Illegal static parameter value" .&nbsp;
That's it!&nbsp;

Forum Discussion

Filter Specific ajax requests under a URL and grant access accordingly

2 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

irule execution error

F5 AWAF/ASM learning only from Trusted traffic?

OWA File Upload URIs for WAF Bypass

Curl 7.10.5 < 8.12.0 Integer Overflow (CVE-2025-0725)

Show or List F5 XC Routes in the Web

Related Content

HTTP Request Smuggling Using Chunk Extensions (CVE-2025-55315)

APM-Specific Features for Securing Your Website

Logging DNS Requests

Using Client Subnet in DNS Requests

Disabling Specific Weak Cipher Suites

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS