Forum Discussion

Cirrus

Feb 24, 2022

Some help with irule to unblock ASM for URIs and matching signature

Hello Team F5! I wish to create irules to disable based on 3 matching conditions: - client IP - x.x.x.x. - URIs and paths: /apis - for all URIs starting with /apis /example/proxy.aspx – Exact pa...

Employee

Feb 26, 2022

davidfisher , your iRule logic seem to be fine, however, could you clarify more the reason why you want this? Is this due a false positive? I've seen similar scenarios where a parameter contained an XML data such as param=<?xml version="1.0"?>... causing some false positive. In that case, you could create a parameter of XML Value instead of 'User input' value. Also, if you don't care much about the source IP, you can disable the signatures at the URL level but then you disable for everybody. This would depend if it is satisfy your security requirements.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Some help with irule to unblock ASM for URIs and matching signature

Recent Discussions

Update OWASP score task failed.

Standby Has Fewer Online VIPs Than Active – Requires Manual Monitor Reset

Doesn't serverside ssl disable iRule work in SSLO?

Is there any way to recover the ASM statistics?

DDoS Two-Layer Architecture

Related Content

Support of WAF Signature Staging in F5 Distributed Cloud (XC)

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

Wildcard Parameter signature attack

BoT Defense Profile, Signature Enforcement

Customized Bot Signature not working

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS