Forum Discussion

Nimbostratus

Aug 08, 2023

iRule newbie - Whitelisting IP address for Spesific URL and Attack Pattern

Hello community, One of our third party applications have false-positive blocks for spesific attack pattern, which we want to whitelist, but as our f5 support explained that it cannot be done to ...

Moderator

Aug 08, 2023

I think it can be done, but not w/ an ASM irule. I can't write this now, as I'm sick and on quick, but the idea is to take the asm policy off the vip, then use an irule like this:

when http_request, check URI.
if uri matches [list of disallowed uris], exit the irule.
else, if no match, apply ASM policy.

I am going to tell you, though.. depending on traffic levels, this could get computationally expensive.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

iRule newbie - Whitelisting IP address for Spesific URL and Attack Pattern

Recent Discussions

Which process is consuming higher CPU

F5 Health Monitor Receive String as JSON

Background Tasks

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Related Content

CSV to Address External Datagroup File

The BIG-IP Application Security Manager Part 6: IP Address Intelligence and Whitelisting

SNAT IP address logging

Redirect Spesific URI

Ipv6 address

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS