Blocking URI

Question

Hello&nbsp;
I need to block a URI /example.ashx?f=WXR&amp;auser=1134&nbsp;
i created a custom violation called VIOLATION_FORBIDDEN and created the below iRule and apply it on the VS. But it is not working, and in the security event logs i am able to see this URI as legal request. 
But when i write in the iRule /example.ashx?f it is stopping it but other function on the applications are stopped too, so this is not a solution.&nbsp;
Any idea?&nbsp;
when HTTP_REQUEST {
  set reqBlock 0
  if {([string tolower [HTTP::uri]] contains "/example.ashx?fn=WXR&amp;auser=1134")}  {
  set reqBlock 1
  }
}&nbsp;
when ASM_REQUEST_DONE {
  if { $reqBlock == 1} {
    ASM::raise VIOLATION_FORBIDDEN
  }
}&nbsp;

lee_sutcliffe · Answer

you are using string tolower but comparing it against a string that has upper case characters. 
Try changing to this:
if {([string tolower [HTTP::uri]] contains "/example.ashx?fn=wxr&amp;auser=1134")} {

jesse_green_347 · Answer

This is great and something I think I can use however I need help adding logic to allow the URI above if client IP is a private range. example 10.x.x.x/8 allow internal users to the URI, if not in range raise to violation forbidden? Any Suggestions?

Forum Discussion

Blocking URI

2 Replies

Recent Discussions

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Enabling AVR and creating Profiles

Get associated pool name from VIP IP using F5-LTM

Disacard SSL::cert mode to ignore when default SSLClient profile is set to request or require

Related Content

Block traffic

domain blocking

Block IP after a number of ASM Blocks

Post of the Week: Blocking a Specific URI

allow one url from blocks geolocation