Forum Discussion
saidshow_251381
Cirrostratus
CirrostratusTurn off File type check for a specific URL
Hi, we have some dynamic urls that from time to time will include a fullstop. Is is possible to disable only the illegal file type check for uris that start with "/foo/foo1/"? I would not want to dis...
when ASM_REQUEST_DONE { if { [HTTP::uri] starts_with "/&siteid=" && [ASM::violation count] < 5 } { if { [ASM::violation_data] contains "VIOLATION_OBJ_TYPE"} { ASM::unblock } } else { More than one violation, too dangerous to Unblock return } }I have made only minor modification to what Arnaud has done here: https://devcentral.f5.com/questions/irule-for-asm
nag_54823Cirrostratus
CirrostratusHi , You can achieve it through irule . Make sure you enable Trigger ASM iRule Events in ASM policy.
when ASM_REQUEST_DONE {
if {([HTTP::host] equals "test.test.com") and ([string tolower [HTTP::uri]] contains ".exe") and ([ASM::violation_data] contains "VIOLATION_OBJ_TYPE" ) } { ASM::unblock } }
saidshow_251381Hi nag, I like this iRule. What you have there does look like it would only prevent blocking on a specific file type such as ".exe" in your example. Since the requests I am looking at that are referral ids, they may be something like "adsa.cchh3" or "0.87dsajb232.adsa" and details past the "." are always unique as a result I don't expect that this would work.
The URI does start with &siteid=, however I do not want to completely disable ASM such as I am doing with the iRule below.
when HTTP_REQUEST { if { [HTTP::uri] starts_with "/&siteid=" } { ASM::disable } }I would prefer to just disable the illegal file type check however I am unsure of the violation type. I will work on this - I will print everything to screen so that I find the details. Thank you for your help.