Forum Discussion

Cirrus

Feb 24, 2022

Some help with irule to unblock ASM for URIs and matching signature

Hello Team F5! I wish to create irules to disable based on 3 matching conditions: - client IP - x.x.x.x. - URIs and paths: /apis - for all URIs starting with /apis /example/proxy.aspx – Exact pa...

Employee

Feb 26, 2022

davidfisher , your iRule logic seem to be fine, however, could you clarify more the reason why you want this? Is this due a false positive? I've seen similar scenarios where a parameter contained an XML data such as param=<?xml version="1.0"?>... causing some false positive. In that case, you could create a parameter of XML Value instead of 'User input' value. Also, if you don't care much about the source IP, you can disable the signatures at the URL level but then you disable for everybody. This would depend if it is satisfy your security requirements.

Forum Discussion

Some help with irule to unblock ASM for URIs and matching signature

Recent Discussions

Rundeck ansible F5 errors

What is the meaning is 52% block in WAF

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Related Content

Support of WAF Signature Staging in F5 Distributed Cloud (XC)

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

BoT Defense Profile, Signature Enforcement

F5 Distributed Cloud - Service Policy - Header Matching Logic & Processing

Wildcard Parameter signature attack