cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

Exclude WAF for a particular URI

Danish
Altocumulus
Altocumulus

Hi Experts,

 

I have a requirement to exclude WAF for all URI's that include api/mobile. WAF should function normally for other URL/URI's

 

Any guidelines on how to achieve this via HTTP policy or irules.

1 REPLY 1

Erwin_de_Brouwer
Nimbostratus
Nimbostratus

Hi Danish,

I think you could achieve your goal with Local Traffic Policy for ASM. This KB article will provide guidance:

https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-11-5-0/41.html

 

I can imagine a simple policy like this:

 

Match all of the following conditions:

HTTP URI path contains "api/mobile" at request time

Do the following when the traffic is matched:

Disable ASM at request time