Turn off File type check for a specific URL
Hi, we have some dynamic urls that from time to time will include a fullstop. Is it possible to disable only the illegal file type check for uris that start with "/foo/foo1/"? I would not want to disable ASM entirely, just the illegal file type check.
Or if there is another way to deal with this scenario to prevent client selections with fullstop in it from being interpreted as an illegal file type, it would be great to hear how others are working with this type of scenario. Thank you.
- saidshow_251381 (Cirrostratus)

    when ASM_REQUEST_DONE {
        if { [HTTP::uri] starts_with "/&siteid=" && [ASM::violation count] < 5 } {
            if { [ASM::violation_data] contains "VIOLATION_OBJ_TYPE" } {
                ASM::unblock
            }
        } else {
            # More than one violation, too dangerous to Unblock
            return
        }
    }

I have made only minor modification to what Arnaud has done here: https://devcentral.f5.com/questions/irule-for-asm
- Abed_AL-R (Cirrostratus)
Great irule
But I think you meant by counting violations this:
[ASM::violation count] <= 1
not:
[ASM::violation count] < 5
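
A tighter form of the rule discussed above, as an added example that is not part of any post in this thread: it unblocks only when the file type violation is the sole violation and the request path is under the "/foo/foo1/" prefix from the original question. It uses only the ASM commands already shown in the thread; the use of HTTP::path and the log line are assumptions of this example.

```tcl
# Added example, not code from the thread.
# Assumes "Trigger ASM iRule Events" is enabled in the ASM policy.
when ASM_REQUEST_DONE {
    # HTTP::path excludes the query string, so a parameter value that
    # happens to contain the prefix cannot satisfy this test.
    if { !([HTTP::path] starts_with "/foo/foo1/") } {
        return
    }

    # Require exactly one violation, and require it to be the file type
    # violation. With a looser count, "contains" would also match a request
    # that carries VIOLATION_OBJ_TYPE alongside some other violation.
    if { [ASM::violation count] == 1 &&
         [ASM::violation_data] contains "VIOLATION_OBJ_TYPE" } {
        # Keep an audit trail of every exception that is granted.
        log local0. "ASM file type exception: path=[HTTP::path] client=[IP::client_addr]"
        ASM::unblock
    }
    # Any other combination is left to the policy's normal blocking decision.
}
```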
- nag_54823 (Cirrostratus)
Hi, you can achieve it through an iRule. Make sure you enable Trigger ASM iRule Events in the ASM policy.

    when ASM_REQUEST_DONE {
        if { ([HTTP::host] equals "test.test.com") and ([string tolower [HTTP::uri]] contains ".exe") and ([ASM::violation_data] contains "VIOLATION_OBJ_TYPE") } {
            ASM::unblock
        }
    }

- saidshow_251381 (Cirrostratus)
Hi nag, I like this iRule. What you have there does look like it would only prevent blocking on a specific file type such as ".exe" in your example. Since the requests I am looking at are referral ids, they may be something like "adsa.cchh3" or "0.87dsajb232.adsa", and details past the "." are always unique; as a result I don't expect that this would work.
The URI does start with &siteid=, however I do not want to completely disable ASM such as I am doing with the iRule below.

    when HTTP_REQUEST {
        if { [HTTP::uri] starts_with "/&siteid=" } {
            ASM::disable
        }
    }

I would prefer to just disable the illegal file type check however I am unsure of the violation type. I will work on this - I will print everything to screen so that I find the details. Thank you for your help.
- Stanislas_Piro2 (Cumulonimbus)
Hi,
You can create 2 ASM policies:
- one with no file type blocking
- one with file type blocking and list configured.
On the LTM policy enabling the ASM policy, create a new rule above with condition "/foo/foo1/" and assign the no file type blocking ASM policy.
If you are working in version 13, you can create a policy as parent, and both ASM policies are child policies of the parent. This allows you to configure only one policy.
- Noushad_Vellad1 (Altostratus)
I used the iRule specified by saidshow. ASM::unblock indeed unblocks the request. However, it is also generating an event log. Is there any way to disable the event log also?