nclarke
Jan 25, 2024

Help excluding URLs from HTTP Protocol violations in ASM

I am having a problem where a network health ping /checkhealth is hitting several sites multiple times a second, creating 100,000s of events a week. It is getting blocked because it has an IP address in the header instead of the FQDN. I know the requests are legitimate, and want to allow them.

My issue is that I still want to keep blocking enabled for the "header containing IP address" rule on these sites, but it looks like even if I create the /checkhealth URL exception it is only looking at attack signatures and not the vulnerability/HTTP compliance rules. They are also using a wide range of IP addresses, so there isn't an easy way to just whitelist the IPs.

What is the best way I can make the WAF policy ignore those requests completely? Is my only option creating a custom L7 Policy or a custom iRule, or is there an easier route? (BIG-IP VE 15.1) Thanks!

1 Reply

  • Hello,

     

    I'm not exactly getting your request, but from my understanding there is a kind of health check from several IPs towards the F5 VIP, and the policy assigned to this VIP is blocking those health check requests because the host header contains an IP address, am I right?

    If yes, you can check these options.

    1. You can add a whitelist that contains a list of IPs using an IP address exception, and select "Never block this IP Address".
    2. Disable ASM when matching against a data group that contains the list of IPs.

    https://clouddocs.f5.com/api/irules/ASM__disable.html

     

    Thanks, 

    Mohamed Salah
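
An iRule sketch of the second option, added here as an illustration and not part of the original thread: it skips ASM only when both the source address and the exact health-check path match, so every other request still hits the "header containing IP address" check. The data group name `healthcheck_sources` and the policy name `/Common/example_asm_policy` are hypothetical placeholders; `/checkhealth` is the path from the question.

```tcl
# Added example, not from the thread. Assumed names:
#   healthcheck_sources        - hypothetical Address-type data group listing
#                                the monitoring hosts or subnets
#   /Common/example_asm_policy - placeholder for the ASM policy already
#                                assigned to this virtual server
when HTTP_REQUEST {
    # HTTP::path excludes the query string. Exact equality (not starts_with)
    # keeps /checkhealth/anything and similar paths under full inspection.
    if { [HTTP::path] eq "/checkhealth" &&
         [class match [IP::client_addr] equals healthcheck_sources] } {
        # Known monitor hitting the known endpoint: bypass ASM.
        ASM::disable
    } else {
        # ASM::disable is documented as acting on the connection, so turn
        # ASM back on for any other request that reuses a keep-alive
        # connection opened by a monitoring source.
        ASM::enable /Common/example_asm_policy
    }
}
```

An Address-type data group accepts subnets as well as single hosts, which covers a wide range of monitoring IPs without listing each one. Requests bypassed this way are not inspected or logged by ASM at all, so keep the path and source conditions as narrow as the monitoring setup allows.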