For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Sharath413's avatar
Sharath413
Icon for Nimbostratus rankNimbostratus
Jan 29, 2021

How can I allow few pages in a website and block all?

Hi F5 community,

I am new to F5 and still learning the console. Few days ago I was asked to configure F5 to block all but few pages in a website. Our web link format is as follows:
http://example.company.com:7077/pls/apex/f?p=769:9:0::NO:3:N6_COUNTY
Static Portion                                    always              http://example.company.com:7077/pls/apex/f?p=
Application Number                        for example    769
A list of colon separated items
                                                               i.      Application Page                for example    :9
                                                             ii.      Application Parameters    for example    :0::NO:3:N6_COUNTY,P3_TYPE,P3_SORT:3,A,R

The requirement is to allow 6 applications(app numbers and everything to it's right in that URL) and block all requests. On F5, I am showing the URL as "/pls/apex/f" . I don't think I can achieve this by URL config. How can I get this working?

Thank you.
ASM Advanced WAF
security

3 Replies

  • Sharath413's avatar
    Sharath413
    Icon for Nimbostratus rankNimbostratus
    Feb 01, 2021

     Thank you so much for your comment. It is really helpful but I'm new to iRules and so wondering if I can do the same with ASM security profile instead?

    Please advise.

  • Ivan_Chernenkii's avatar
    Ivan_Chernenkii
    Icon for Employee rankEmployee
    Feb 20, 2021

    You need to do next:

    1) Create all allowed URLs on "Security ›› Application Security : URLs : Allowed URLs : Allowed HTTP URLs" page

    2) Remove pure wildcard (*) URL (if exists)

    3) Enable Alarm and Block for "Illegal URL" violation

     

    Thanks, Ivan