Forum Discussion

Cirrostratus

Jul 26, 2017

Geoblock exception based on user agent

Hi, We have Geo-blocking enabled for one of our apps and want to allow access from a third party tool that has a very specific user agent. Is it possible to allow requests from a geo blocked loc...

Cirrocumulus

Jul 30, 2017

You can do it with an iRule which checks the User-Agent Header to be the one you want to white-list and then unblocks that request using ASM::unblock

Here is a sample iRule (replace 'My Magic User Agent' with User-Agent you need):

when ASM_REQUEST_DONE {
  foreach {viol} [ASM::violation names] {
    if { $viol eq "VIOLATION_ILLEGAL_GEOLOCATION" } {
      if { [HTTP::header "USER-AGENT"] contains "My Magic User Agent" } {
         ASM::unblock
    }     
    }
  }

}

Hope this helps,

Sam

P.S. Remember to enable 'Trigger ASM iRule Events' in your policy properties!

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Geoblock exception based on user agent

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Exception for GeoBlocked Country. Without Allow-Listing a specific IP

except ip from asm logging

Demystifying Time-based OTP

Redirect all request except few path

Cookie-based DDoS protection

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS