Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Block access to one specific URL containing a keyword from ASM

iRule
Cirrus
Cirrus

‎12-Mar-2023 01:40

Dear Support,

Using ASM, I need to block access to one specific URL if request contains a keyword  "KHTML". All other URLs requsts containing "KHTML" should not be blocked.

Kindly support in this regards

 

Labels:
0 Kudos
1 REPLY 1

Daniel_Wolf
Nacreous
Nacreous

‎12-Mar-2023 05:41

Hi @iRule,

yes, that's possible. One way to achieve this would be:

1. Create an Attack Signature that looks for .khtml in the query string and assign it to the ASM policy.

Daniel_Wolf_1-1678624613454.png

2. Create a wildcard URL where you want to block the khtml extension, like /subfolder1/*, in the allowed URLs.

Daniel_Wolf_0-1678624554643.png

3. Add the Signature to your ASM policy.
4. Create an exception for any URL, not use the attack signature. In my example, I created an exception for the wildcard (*) URL.

Daniel_Wolf_2-1678624713243.png

This way the block-khtml Attack Signature will only be applied to the Allowed URL you created.

KR
Daniel

Copyright © 2023 Khoros, LLC