Forum Discussion
RegEX ASM Allowed URL list
Hi,
To consolidate the allowed URL list in an ASM policy, I have created an Allowed URL with a RegEx for the session ID in the URL. I used the RegEx tool available in the F5 GUI under OPTIONS >> Application Security : RegExp Validator to check the regex I configured, and it matches as per my requirement. But in the allowed URL list I see many URLs added that should actually match the Allowed URL with the regex. What could be the reason?
Example: Allowed URL configured: /admin/messages/([a-zA-Z0-9]){22}/delete
I did 3 tests using the Regex tool:
Test 1: I use the Regex tool with /admin/messages/([a-zA-Z0-9]){22}/delete in RegExp and /admin/messages/08qHyksmdfe0k0sjnm5821/delete in Test String and click Validate.
I get the Validate Result below:
Valid RegExp: Yes
First RegExp Match: /admin/messages/08qHyksmdfe0k0sjnm5821/delete
Test 2: /admin/messages/([a-zA-Z0-9]){22}/delete in RegExp and 08qHyksmdfe0k0sjnm5821 in Test String, and click Validate.
I get the Validate Result below:
Valid RegExp: Yes
First RegExp Match: 08qHyksmdfe0k0sjnm5821
Test 3: Removed the last 1 in the test string: /admin/messages/([a-zA-Z0-9]){22}/delete in RegExp and 08qHyksmdfe0k0sjnm582 in Test String, and click Validate.
I get the Validate Result below:
Valid RegExp: Yes
First RegExp Match: No Matches.
From the above three tests we can conclude the regex is configured properly. Then why do I see new URLs (related to the regex) in the allowed URL list? A new request with a new session ID should match the regex and the request should be allowed. The policy should not add one more new URL to the allowed URLs?
I have removed that URL from staging and the policy is in transparent mode.
What could be the reason? I hope I'm not missing anything while configuring the URL.
Thanks, Sachin
1 Reply
- Arnaud_Lemaire
Employee
Hi Sachin,
I think regular expression support is more for attack signature definitions and pure session IDs. When playing with entities (URL, parameter, cookie, file type)
What you have in your example is a dynamic URL, not a session ID. So you can only use the wildcard concept, with limited function: https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-config-11-1-0/asm_wildcard.html?sr=47048222
| Wildcard Character | Description |
| --- | --- |
| `*` | Match all characters |
| `?` | Match any single character |
| `[seq]` | Match any character that is in the specified sequence |
| `[!seq]` | Match any character that is not in the specified sequence |
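The wildcard table above, modeled as an added example (not part of the original thread and not F5 code): it compares the pattern from the question, read as a wildcard, with three wildcard alternatives. It assumes every character outside the four listed tokens is a literal and that `*` also matches `/`; all names and the "nested" and "punct" URLs are constructed for illustration.

```python
import re

def wildcard_to_regex(pattern):
    """Translate the table's four wildcard tokens into a regex.
    Assumption: every other character, including ( ) { }, is a literal."""
    out, i = [], 0
    while i < len(pattern):
        c = pattern[i]
        if c == "*":
            out.append(".*")            # any run of characters (assumed to cross "/")
        elif c == "?":
            out.append(".")             # exactly one character
        elif c == "[":
            negate = pattern[i + 1:i + 2] == "!"
            start = i + 2 if negate else i + 1
            end = pattern.find("]", start + 1)
            if end == -1:               # unterminated class: treat "[" literally
                out.append(re.escape(c))
            else:
                body = re.sub(r"([\\\[\]^])", r"\\\1", pattern[start:end])
                out.append("[" + ("^" if negate else "") + body + "]")
                i = end
        else:
            out.append(re.escape(c))
        i += 1
    return re.compile("".join(out), re.DOTALL)

def matches(pattern, url):
    return wildcard_to_regex(pattern).fullmatch(url) is not None

PREFIX, SUFFIX = "/admin/messages/", "/delete"
PATTERNS = {
    "regex_style": PREFIX + "([a-zA-Z0-9]){22}" + SUFFIX,   # as configured in the question
    "broad": PREFIX + "*" + SUFFIX,
    "by_length": PREFIX + "?" * 22 + SUFFIX,
    "strict": PREFIX + "[a-zA-Z0-9]" * 22 + SUFFIX,
}
SAMPLES = {
    "valid": PREFIX + "08qHyksmdfe0k0sjnm5821" + SUFFIX,    # Test 1 in the question
    "short": PREFIX + "08qHyksmdfe0k0sjnm582" + SUFFIX,     # Test 3 in the question
    "nested": PREFIX + "a/b/../c" + SUFFIX,                 # constructed
    "punct": PREFIX + "." * 22 + SUFFIX,                    # constructed
}

def coverage():
    """Map each pattern name to the sample URLs it accepts."""
    return {n: [s for s, u in SAMPLES.items() if matches(p, u)]
            for n, p in PATTERNS.items()}

if __name__ == "__main__":
    for name, hits in coverage().items():
        print(f"{name:12} -> {hits}")
```

Under these assumptions the regex-style entry accepts none of the session URLs, which is consistent with the policy learning each one as a new URL, and the single `*` accepts everything under the prefix; one `[a-zA-Z0-9]` per character is the only variant here that keeps both the length and the character-set restriction.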