Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

Are you an expert?    Interested in presenting at F5 AppWorld 2024?    Submit a proposal by Nov 29th!

allow one url from blocks geolocation

Go to solution
Mohamedabogamil
Nimbostratus
Nimbostratus

‎02-Nov-2023 01:33

i have published service from waf and i block urls on  all country except KSA and i have one url allowed from aruba i used below i rule but its didn't work

hen HTTP_REQUEST {
if { ([string tolower [HTTP::uri]] eq "GET /Arabic/MediaCenter/News/Pages/Infectious-Disease-Week.aspx HTTP/1.1") and ([whereis [IP::client_addr] country] ne " Sweden") } {
ASM::unblock
} else {
return
}
}

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
Niels_van_Sluis
MVP
MVP
In response to Mohamedabogamil

‎02-Nov-2023 09:51

Also make sure that the Trigger ASM iRule Events setting is enabled in your security policy. See: Solved: Where in F5 ASM do I enable the Trigger ASM iRule ... - DevCentral

It also helps to add more logging to your iRule, so you can see if the event is hit at all.

View solution in original post

4 REPLIES 4

Go to solution
Niels_van_Sluis
MVP
MVP

‎02-Nov-2023 02:48

It seems your first if statement is wrong, because it lowers all strings in [HTTP::uri] and then it is compared to a string which includes uppercase characters. So there will never be a match. Second, the '[whereis ip country]" command returns a string containing the two-letter country code. So it will not match 'Sweden'.  And the ASM::unblock command can't be used in the HTTP_REQUEST event.

See:

So, your iRule should be more like:

when ASM_REQUEST_DONE {
    if { ([string tolower [HTTP::uri]] eq [string tolower "/Arabic/MediaCenter/News/Pages/Infectious-Disease-Week.aspx"]) and ([whereis [IP::client_addr] country] ne "SE") } {
        ASM::unblock
        log local0. "[ASM::violation_data]. Unblocked for [IP::client_addr]"
    } else {
        return
    }
}

 

 

0 Kudos

Go to solution
Mohamedabogamil
Nimbostratus
Nimbostratus
In response to Niels_van_Sluis

‎02-Nov-2023 03:49

thanks for the reply but I tried it and asm still blocks the request. any advise for different irule 

0 Kudos

Go to solution
Niels_van_Sluis
MVP
MVP
In response to Mohamedabogamil

‎02-Nov-2023 09:51

Also make sure that the Trigger ASM iRule Events setting is enabled in your security policy. See: Solved: Where in F5 ASM do I enable the Trigger ASM iRule ... - DevCentral

It also helps to add more logging to your iRule, so you can see if the event is hit at all.

Go to solution
Mohamedabogamil
Nimbostratus
Nimbostratus

‎06-Nov-2023 02:38

Thanks for you reply 

0 Kudos
Copyright © 2023 Khoros, LLC