Forum Discussion
AltostratusTurn off File type check for a specific URL and disable event log
I used below iRule for not blocking HTTP request when illegal file type violation is detected
when ASM_REQUEST_DONE {
if { [HTTP::uri] starts_with "/&siteid=" && [ASM::violation count] < 5 } { if { [ASM::violation_data] contains "VIOLATION_OBJ_TYPE"} { ASM::unblock } } else { More than one violation, too dangerous to Unblock return } }
It is documented at the below link
https://devcentral.f5.com/questions/turn-off-file-type-check-for-a-specific-url-55306
However, while "ASM::unblock" indeed unblocking the request, it will also generate an event log. Is there any way to disable this event log for this particular violation?
MSZ_221163Nimbostratus
Please share the violation details... Try to Disable: illegal File Type form Learning and Blocking Setting
Noushad_Vellad1disabling illegal file type form Learning and Blocking Setting will disable it at the policy level.
I want specific violations to be unblocked and event logs suppressed.
For eg:- I want to disable for URLs like https://example.com/users/joe.anthony etc
At the same time, file type check should be ON for other URLs
I could unblock using above posted iRule. But it still generates an event in event logs. I want to disable the events also.
- Abed_AL-R
Cirrostratus
Hi
Did you manage to solve this?
I'm looking for the same
Ivan_ChernenkiiEmployee
If you don't want to block specific file type, then it make sense to define it as allowed on "Security ›› Application Security : File Types : Allowed File Types" page. e.g. for https://example.com/users/joe.anthony you can define "anthony" file type as allowed.
Thanks, Ivan