F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Victor_Soares's avatar
Victor_Soares
Icon for Nimbostratus rankNimbostratus
4 years ago

iRule to Allow acess to /wp-admin

Hello guys, I have a site protected by ASM that works on WordPress, it was requested that an exception to be created for the path /wp-admin, because they are receiving several blocks on access to the...
ASM Advanced WAF
iRules
security
Victor_Soares's avatar
Victor_Soares
Icon for Nimbostratus rankNimbostratus
4 years ago

Both of the alerts are matching at the   img tag: src/dynsrc/lowsrc (Parameter) signature in /wp-admin/* path

spalande's avatar
spalande
Icon for Nacreous rankNacreous
4 years ago

well, it's not getting blocked because you have not allowed the URL.

It's getting blocked because of the ASM signature triggered or HTTP compliance setting (I still can't see the exact reason as you have not shared it). But either way you would need to fine tune the ASM policy further to allow this request.

If you want to completely disable ASM inspection on this path, you can create LTM policy and disable ASM for this path or iRule as below. But the recommended way would be to fine tune ASM policy in learning mode and whitelist the signatures as required on that path

when HTTP_REQUEST {
    switch -glob [string tolower [HTTP::uri]]  {
	      "/wp-admin*" 
		{
            ASM::disable
	    } default {
	        return
	       }
	}
 }