07-Nov-2021 05:18
Hi Experts,
I have a requirement to exclude WAF for all URI's that include api/mobile. WAF should function normally for other URL/URI's
Any guidelines on how to achieve this via HTTP policy or irules.
07-Nov-2021 06:10
Hi Danish,
I think you could achieve your goal with Local Traffic Policy for ASM. This KB article will provide guidance:
https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-11-5-0/41.html
I can imagine a simple policy like this:
Match all of the following conditions:
HTTP URI path contains "api/mobile" at request time
Do the following when the traffic is matched:
Disable ASM at request time