Forum Discussion

Nimbostratus

Feb 04, 2021

How do I block a user access to a directory within my website?

I'm running ASM in 15.1.2.

How do I block a user access to a directory within my website? For eg: I want to allow all URLs on my website but wp-content/uploads/testfolder/forms/*

As shown above, I want to block anything that is in that specific folder.

Can I do it using disallowed URLs setting?

ASM Advanced WAF

security

Enes_Afsin_Al
Feb 04, 2021
Hi Sharath413,
Yes, you can use disallowed URLs policy for ASM.
https://support.f5.com/csp/article/K29418033#p2
Or iRule:
when HTTP_REQUEST { if { [HTTP::uri] starts_with "/wp-content/uploads/testfolder/forms/" && [IP::client_addr] ne "your_ip_address" } { drop } }

Enes_Afsin_Al
MVP
Feb 04, 2021
Hi Sharath413,
Yes, you can use disallowed URLs policy for ASM.
https://support.f5.com/csp/article/K29418033#p2
Or iRule:
when HTTP_REQUEST { if { [HTTP::uri] starts_with "/wp-content/uploads/testfolder/forms/" && [IP::client_addr] ne "your_ip_address" } { drop } }
Sharath413
Nimbostratus
Feb 04, 2021
I have added the URL along with a wildcard at the end in config utility. It seems to be working as desired. I had to enable block and alarm in learning and blocking settings.

Forum Discussion

How do I block a user access to a directory within my website?

Recent Discussions

APM with EntraID as idP / request signed

Should config via cli rather than gui?

Background Tasks

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

F5 Websites Accessibility Survey

F5 Website Accessibility Survey

Troubeshooting website connection

Fake website, Gmail guideline, GPS spoofing, OWASP LLM, Jan 1st–5th F5SIRT This Week in Security

Release Notes: DevCentral Website

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS