Forum Discussion

Nimbostratus

Aug 08, 2023

iRule newbie - Whitelisting IP address for Spesific URL and Attack Pattern

Hello community, One of our third party applications have false-positive blocks for spesific attack pattern, which we want to whitelist, but as our f5 support explained that it cannot be done to ...

Moderator

Aug 08, 2023

I think it can be done, but not w/ an ASM irule. I can't write this now, as I'm sick and on quick, but the idea is to take the asm policy off the vip, then use an irule like this:

when http_request, check URI.
if uri matches [list of disallowed uris], exit the irule.
else, if no match, apply ASM policy.

I am going to tell you, though.. depending on traffic levels, this could get computationally expensive.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

iRule newbie - Whitelisting IP address for Spesific URL and Attack Pattern

Recent Discussions

show system - attribute values

Upgrade F5 BIGIP

iRule: Failure to activate payload

APM integrate with Azure Intune

how to whitelist new source IP on F5 web UI access

Related Content

The BIG-IP Application Security Manager Part 6: IP Address Intelligence and Whitelisting

CSV to Address External Datagroup File

Redirect Spesific URI

DDoS IPI List - Whitelist NTP Servers

DDoS IPI List - Whitelist DNS Servers

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS