Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

iRule to Allow acess to /wp-admin

Victor_Soares
Nimbostratus
Nimbostratus

‎12-Apr-2021 16:50

Hello guys, I have a site protected by ASM that works on WordPress, it was requested that an exception to be created for the path /wp-admin, because they are receiving several blocks on access to the path, I tried to add the path in the section of URL'S allowed but it did not work, I keep receiving the logs and the blocks keep occurring for the path /wp-admin, is there a way or an iRule to perform a bypass in the path /wp-admin so that it is not blocked access?

 

 

Best Regards.

 

Labels:
0 Kudos
8 REPLIES 8

SanjayP
MVP
MVP

‎13-Apr-2021 00:34

What's your current setup? How do you block /wp-admin currently via an iRule or ASM policy?

 

0 Kudos

Victor_Soares
Nimbostratus
Nimbostratus
In response to SanjayP

‎13-Apr-2021 05:01

Hello SanjayP! about hardware we are using 2 i2800 (Active - Passive), about the URL we're only using ASM protection on BIG-IP, don't using any other feature like load balancing or something like that. Currently using default ASM policy, without any iRule, i've tryied to input the path on allowe URL'S but without success.

0 Kudos

SanjayP
MVP
MVP
In response to Victor_Soares

‎13-Apr-2021 05:24

If you are using ONLY "ASM" to disallow URL and you want to allow specific URL then

Navigate to Security -> URL's --> disallowed URL's and remove /wp-admin.

 

If in the allowed URL list (security -> URL -> Allowed URLs) if wildcard (*) is removed, then add the /wp-admin (for explicit) or /wp-admin* for the wildcard. 

 

if you are still receiving ASM blocks, please provid the log snippet for the reason of the ASM block and URL getting blocked.

0 Kudos

Victor_Soares
Nimbostratus
Nimbostratus

‎13-Apr-2021 05:35

Hello SanjayP, currently i'm using the allowed urls method, like the image :

0691T00000CnBYyQAN.pngAt the moment, i had to switch the application to learning mode, but i have an alert after this allowed URL applied and the blocked alert :

 

Keyword match :

0691T00000CnBZXQA3.png1st Path :

0691T00000CnBZwQAN.png2st Path at the same signature :

0691T00000CnBa1QAF.png 

Both was blocked with the Allowed URL'S configured like the 1st image.

 

Thank You.

 

0 Kudos

Victor_Soares
Nimbostratus
Nimbostratus

‎13-Apr-2021 05:35

Both of the alerts are matching at the   img tag: src/dynsrc/lowsrc (Parameter) signature in /wp-admin/* path

0 Kudos

SanjayP
MVP
MVP
In response to Victor_Soares

‎13-Apr-2021 05:46 - last edited on ‎04-Jun-2023 20:58 by Fog

well, it's not getting blocked because you have not allowed the URL.

It's getting blocked because of the ASM signature triggered or HTTP compliance setting (I still can't see the exact reason as you have not shared it). But either way you would need to fine tune the ASM policy further to allow this request.

If you want to completely disable ASM inspection on this path, you can create LTM policy and disable ASM for this path or iRule as below. But the recommended way would be to fine tune ASM policy in learning mode and whitelist the signatures as required on that path

when HTTP_REQUEST {
    switch -glob [string tolower [HTTP::uri]]  {
	      "/wp-admin*" 
		{
            ASM::disable
	    } default {
	        return
	       }
	}
 }
0 Kudos

Victor_Soares
Nimbostratus
Nimbostratus

‎13-Apr-2021 06:02

Thank You Sanjay, there is a way to to the same thing applying an rule in local traffic policy ? Like "HTTP URI path contains any of /wp-admin at request then disable asm at request time ? like the image belllow :

 

0691T00000CnBewQAF.png

0 Kudos

SanjayP
MVP
MVP
In response to Victor_Soares

‎13-Apr-2021 06:43

Yes, you can use LTM policy or iRule to completely bypass ASM.

0 Kudos
Copyright © 2023 Khoros, LLC