Forum Discussion

Nimbostratus

Feb 04, 2021

Solved

How do I block a user access to a directory within my website?

I'm running ASM in 15.1.2.

How do I block a user access to a directory within my website? For eg: I want to allow all URLs on my website but wp-content/uploads/testfolder/forms/*

As shown above, I want to block anything that is in that specific folder.

Can I do it using disallowed URLs setting?

ASM Advanced WAF

security

Enes_Afsin_Al
Feb 04, 2021
Hi Sharath413,
Yes, you can use disallowed URLs policy for ASM.
https://support.f5.com/csp/article/K29418033#p2
Or iRule:
when HTTP_REQUEST { if { [HTTP::uri] starts_with "/wp-content/uploads/testfolder/forms/" && [IP::client_addr] ne "your_ip_address" } { drop } }

2 Replies

Enes_Afsin_Al
MVP
Feb 04, 2021
Hi Sharath413,
Yes, you can use disallowed URLs policy for ASM.
https://support.f5.com/csp/article/K29418033#p2
Or iRule:
when HTTP_REQUEST { if { [HTTP::uri] starts_with "/wp-content/uploads/testfolder/forms/" && [IP::client_addr] ne "your_ip_address" } { drop } }
Sharath413
Nimbostratus
Feb 04, 2021
I have added the URL along with a wildcard at the end in config utility. It seems to be working as desired. I had to enable block and alarm in learning and blocking settings.