irule to limit parameter and it's values on certain URL

Question

Hi,&nbsp;
I need help with an iRule for the following situation - &nbsp;
This specific ASM policy has no URL limits (set to WC), but there is a certain URL that we need to have enabled only for the following situation - a single parameter with two values. I need to disable all other options for this URL - i.e., to disallow all other parameters and for that specific parameter to enable only these two values.&nbsp;
I have a prepared ASM violation that I want to raise for this particular event.&nbsp;
Any ideas?&nbsp;
Thanks :-D&nbsp;
Vered&nbsp;

yann_desmarest · Answer

Hi,
You can insert an irule within HTTP or ASM events to make sure that your requirement is respected : 
when HTTP_REQUEST {
    if { [HTTP::path] eq "/x/y/z" } {
        set param1 [URI::query [HTTP::uri] param1]
        set param_array [split [regsub -all {&amp;=|&amp;$} [URI::decode [URI::query [HTTP::uri]]] {}] "&amp;"]
        set param_count [llength $param_array]
        if { !(($param1 eq "value1" or $param1 eq "value2") and ($param_count == 1)) } {
             drop, reject, generate ASM violation, ...
        }
    } 
}

Regards
Yann

Forum Discussion

irule to limit parameter and it's values on certain URL

Recent Discussions

ports are showing open on online scanning tool

Upgrade F5 BIGIP

DNS HM Probe issue

Is XFF a must for ASM WAF DoS

Switch ssl profile based on weak cipher detection via IRULE

Related Content

Parameter Value - Regular Expression

ASM blocked request contains & (ampersand) symbol in parameter value

HTTPS Routing based on Client Certificates values with F5 Distributed Cloud

Brute Force protection for single parameter like OTP

Wildcard Parameter signature attack

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS