
Forum Discussion

kaoutar
Nov 03, 2020

unblock filetype for specific URL with matching expression

Hi, I have created an iRule to unblock requests that trigger the illegal filetype violation, specifically those whose URI starts with a specific value and whose path matches a specific expression, but it doesn't work. Can anyone help me?

    when ASM_REQUEST_DONE {
      if { ([HTTP::uri] starts_with "/abc/")
           && ([HTTP::path] matches_regex {*.[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]})
           && ([ASM::violation count] >= 1)
           && [ASM::violation_data] contains "VIOLATION_OBJ_TYPE" } {
        ASM::unblock
      }
    }

3 Replies

  • Break the monolithic if statement down into nested if statements, and add logging so you can see the results of each step

    when ASM_REQUEST_DONE {
      if { ([HTTP::uri] starts_with "/abc/") } {
        log local0. "URI [HTTP::uri] starts with /abc/"
        if { ([HTTP::path] matches_regex {*.[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]}) } {
          log local0. "PATH [HTTP::path] matches the regex"
          if { ([ASM::violation count] >= 1) } {
            log local0. "ASM violation count is 1 or more = [ASM::violation count]"
            if { [ASM::violation_data] contains "VIOLATION_OBJ_TYPE" } {
              log local0. "ASM violation data contains VIOLATION_OBJ_TYPE - unblocking"
              ASM::unblock
            }
          }
        }
      }
    }
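
An added example, not part of the thread: a plain Tcl script (run with tclsh, outside the BIG-IP) that tests the path pattern from the iRule above on its own. The posted pattern begins with `*`, which is glob syntax; as a regular expression it is a quantifier with nothing to repeat, and stock Tcl refuses to compile it. The anchored regex, the sample paths, and the reading of the intent as "path ends in a dot followed by exactly eight digits" are assumptions made for this example.

```tcl
# Added example: plain Tcl, not an iRule and not code from the thread.
# posted_pattern is copied from the question. anchored_regex and the sample
# paths are constructed here, assuming the goal is "path ends in a dot
# followed by exactly eight digits".
set posted_pattern {*.[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]}
set anchored_regex {\.[0-9]{8}$}

# Test a path against a regex; report a compile failure instead of aborting.
proc try_regex {pattern path} {
    if {[catch {regexp -- $pattern $path} result]} {
        return "error: $result"
    }
    if {$result} { return "match" }
    return "no match"
}

# Test a path against a glob pattern (string match must cover the whole string).
proc try_glob {pattern path} {
    if {[string match $pattern $path]} { return "match" }
    return "no match"
}

# Constructed sample paths: 8, 7 and 9 trailing digits, and 8 digits that
# appear in a directory name rather than in the extension.
set sample_paths {
    /abc/report.20201103
    /abc/report.2020110
    /abc/report.202011030
    /abc/20201103/index.html
}

foreach path $sample_paths {
    puts "path: $path"
    puts "  posted pattern as regex: [try_regex $posted_pattern $path]"
    puts "  anchored regex:          [try_regex $anchored_regex $path]"
    puts "  posted pattern as glob:  [try_glob $posted_pattern $path]"
}
```

Anchoring with `$` matters for an unblock rule: without it, a path that merely contains a dot and eight digits somewhere would also qualify for `ASM::unblock`.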