Forum Discussion
irule for whitelist under certain path
Hi,
I am looking for an iRule that will do the following: prevent access to all locations under a certain path, i.e., anything under should be blocked, and I want to have an exception group of URLs under that path to allow.
Thanks, Vered
- Lee_SutcliffeNacreous
Create a datagroup to store your exceptions and use an iRule like this
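```tcl
when HTTP_REQUEST {
    # Only requests under the protected path are checked
    if {[HTTP::uri] starts_with "/yyy"} {
        # Reject unless the URI matches an entry in the exceptions data group
        if {!([class match [HTTP::uri] contains "exceptions_datagroup"])} {
            reject
        }
    }
}
```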
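I would recommend using string tolower in front of.
```tcl
when HTTP_REQUEST {
    # Lower-case the URI so the prefix check is case-insensitive
    if {[string tolower [HTTP::uri]] starts_with "/yyy"} {
        # ....... (rest of the rule as in the iRule above)
    }
}
```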
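A stricter variant of the rule above, as an added example that is not part of the original thread: it matches on the lower-cased path only, so the query string is ignored, and anchors each exception at the start of the path. It assumes `exceptions_datagroup` is a string data group whose entries are lower-case path prefixes; the sample entry in the comments is constructed.

```tcl
# Added example, not code from the thread.
# Assumptions: the protected prefix is "/yyy" (as in the thread) and
# "exceptions_datagroup" holds lower-case path prefixes, for example
# "/yyy/public/" (constructed sample entry).
when HTTP_REQUEST {
    # HTTP::path excludes the query string, so a parameter value such as
    # "?next=/yyy/public/" can never satisfy an exception.
    # string tolower makes both checks below case-insensitive.
    set path [string tolower [HTTP::path]]

    if { $path starts_with "/yyy" } {
        # starts_with anchors the exception at the beginning of the path;
        # "contains" would accept the entry anywhere in the string.
        if { ![class match $path starts_with exceptions_datagroup] } {
            # Record the blocked request so the exception list can be reviewed
            log local0. "Blocked [IP::client_addr] -> [HTTP::host][HTTP::uri]"
            reject
            return
        }
    }
}
```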
- Stanislas_Piro2Cumulonimbus
Hi,
You can use this code:
```tcl
when HTTP_REQUEST {
    # Flag requests under /yyy that do not match the exceptions data group
    set reqBlock 0
    if {[HTTP::uri] starts_with "/yyy"} {
        if {!([class match [HTTP::uri] contains "exceptions_datagroup"])} {
            set reqBlock 1
        }
    }
}

when ASM_REQUEST_DONE {
    # Block not allowed request with ASM if enabled.
    # Raise ASM user defined violation FILTER_IRULE_VIOLATION
    if {$reqBlock} {
        set violation_details [list [list Reason iRule_Event]]
        lappend violation_details [list Filter URI_Not_Allowed]
        ASM::raise FILTER_IRULE_VIOLATION $violation_details
    }
}

when HTTP_REQUEST_SEND {
    # Block not allowed request with HTTP 403 code if ASM did not.
    if {$reqBlock} {
        clientside {
            HTTP::respond 403 -version "1.1" content "Request RejectedYou are not authorized to access this page" noserver Connection Close
        }
    }
}
```
Before applying this code, do the following configuration:
- create a new violation FILTER_IRULE_VIOLATION in Security ›› Options : Application Security : Advanced Configuration : Violations List
- In the policy configuration Security ›› Application Security : Policy : Policy Properties, enable Trigger ASM iRule Events
- In Policy blocking settings Security ›› Application Security : Policy Building : Learning and Blocking Settings, enable Block and Alarm for the violation FILTER_IRULE_VIOLATION
- veredgf_96123Nimbostratus
Thank you for all the responses -
In the end I used the IRULE I wrote as mentioned above but what was missing was the V on "trigger ASM IRULE events" and that's why the rule didn't seem to work.
Thanks,
Vered
- Stanislas_Piro2Cumulonimbus
Glad this helped you.
To make it easier for the next admins with the same need to find, you can mark the right answer as the question's solution. ;-)