Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 

Exclude WAF for a particular URI

D99
Cirrus
Cirrus

Hi Experts,

 

I have a requirement to exclude WAF for all URI's that include api/mobile. WAF should function normally for other URL/URI's

 

Any guidelines on how to achieve this via HTTP policy or irules.

1 REPLY 1

Erwin_de_Brouwer
Nimbostratus
Nimbostratus

Hi Danish,

I think you could achieve your goal with Local Traffic Policy for ASM. This KB article will provide guidance:

https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-11-5-0/41.html

 

I can imagine a simple policy like this:

 

Match all of the following conditions:

HTTP URI path contains "api/mobile" at request time

Do the following when the traffic is matched:

Disable ASM at request time