Allow access to 2 wildcard URIs from internet and allow all URIs from internal organization network

Question

Dear Community,I received a requirement from application gateway team that they need to expose only two URIs to internet consumers and all URIs should be accessable to internal organnization users.Wildcard URIs Allowed from Internetxyz.com/abc/asdf/morning/*&nbsp;xyz.com/abc/asdf/evening/*All&nbsp; URIs allowed from internal origanization private IPsxyz.com/*Please inform how I can accomplish this from ASM policy

enes_afsin_al · Answer

Hi,
It's easier to do with iRule or LTM policy.
when HTTP_REQUEST {
	if { not ([class match [IP::client_addr] equals /Common/private_net]) } {
		switch -glob [HTTP::uri] {
			"/abc/asdf/morning/*" -
			"/abc/asdf/evening/*" {
				return
			}
			default {
				drop
				return
			}
		}
	}
}
If you want to do it with WAF, you need two WAF policy. One for the internal network, the other for the external network. And you need to set these policies with LTM policy or iRule.

In the external waf policy, you should to add the allowed URLs and remove the wildcard URL in the Allowed URLs list.

Illegal URL violation values must be enable in Learning and Blocking Settings.

Forum Discussion

Allow access to 2 wildcard URIs from internet and allow all URIs from internal organization network

1 Reply

Recent Discussions

F5Access | MacOS Sonoma

Rewrite uri translation not working

Chrome V 124+ on MacOS - Virtual Server Access Issue

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

SSL Orchestrator Advanced Use Cases: Enabling GCloud Organization Restrictions

Protect an application exposed on Internet with F5 XC WAAP

Wildcard Parameter signature attack

Cyberattacks at Banks and Financial Services Organizations

F5 APM VPN Choking Internet Bandwidth