Forum Discussion

Nimbostratus

Aug 08, 2023

iRule newbie - Whitelisting IP address for Spesific URL and Attack Pattern

Hello community, One of our third party applications have false-positive blocks for spesific attack pattern, which we want to whitelist, but as our f5 support explained that it cannot be done to ...

Moderator

Aug 08, 2023

I think it can be done, but not w/ an ASM irule. I can't write this now, as I'm sick and on quick, but the idea is to take the asm policy off the vip, then use an irule like this:

when http_request, check URI.
if uri matches [list of disallowed uris], exit the irule.
else, if no match, apply ASM policy.

I am going to tell you, though.. depending on traffic levels, this could get computationally expensive.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

iRule newbie - Whitelisting IP address for Spesific URL and Attack Pattern

Welcome! a la Communidad DevCentral LATAM de F5!

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

Recent Discussions

Efficient Method to Compare F5 Configurations

F5 Big-IQ read-only API username creation.

email alert when service restarts

all possible Domain names that F5 may need to communicate to

irule that presents certificate doesn´ t run in TLSv1.3

Related Content

BIG-IP Next for Kubernetes, addressing today’s enterprise challenges

The BIG-IP Application Security Manager Part 6: IP Address Intelligence and Whitelisting

Global Blacklist or Whitelist

CSV to Address External Datagroup File

Decoding the IPv4 address from the persistence cookie

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS