Forum Discussion
Stanislas_Piro2
Jul 04, 2017Cumulonimbus
Hi,
you can manage it with an irule (store 302 redirect URL parameter in a table) and raise a ASM user-defined violation if the URL is not in table. (not tested)
when HTTP_RESPONSE {
if {[HTTP::status] equals 302 && [set id [URI::query [HTTP::header Location] myparameter]] ne ""} {
table set -subtable resetPassword $myparameter 0 7200
}
unest id
}
when HTTP_REQUEST {
set reqBlock 0
if {([HTTP::path] equals "/reset/url") && ([set id [URI::query [HTTP::uri] myparameter]] ne "") && !([table lookup -subtable resetPassword $id])} {
set reqBlock 1
}
unset id
}
when ASM_REQUEST_DONE {
Block not allowed request with ASM if enabled. Raise ASM user defined violation FILTER_IRULE_VIOLATION
if {$reqBlock} {
set violation_details [list [list Reason iRule_Event]]
lappend violation_details [list Filter Denied_URL]
ASM::raise FILTER_IRULE_VIOLATION $violation_details
}
}