Forum Discussion

Noushad_Vellad1's avatar
Noushad_Vellad1
Icon for Altostratus rankAltostratus
Nov 29, 2018

Turn off File type check for a specific URL and disable event log

I used below iRule for not blocking HTTP request when illegal file type violation is detected

 

when ASM_REQUEST_DONE {

 

if { [HTTP::uri] starts_with "/&siteid=" && [ASM::violation count] < 5 } { if { [ASM::violation_data] contains "VIOLATION_OBJ_TYPE"} { ASM::unblock } } else { More than one violation, too dangerous to Unblock return } }

 

It is documented at the below link

 

https://devcentral.f5.com/questions/turn-off-file-type-check-for-a-specific-url-55306

 

However, while "ASM::unblock" indeed unblocking the request, it will also generate an event log. Is there any way to disable this event log for this particular violation?

 

ASM Advanced WAF
security

4 Replies

Sort By
  • MSZ_221163's avatar
    MSZ_221163
    Icon for Nimbostratus rankNimbostratus
    Nov 29, 2018

    Please share the violation details... Try to Disable: illegal File Type form Learning and Blocking Setting

     

  • Noushad_Vellad1's avatar
    Noushad_Vellad1
    Icon for Altostratus rankAltostratus
    Dec 01, 2018

    disabling illegal file type form Learning and Blocking Setting will disable it at the policy level.

     

    I want specific violations to be unblocked and event logs suppressed.

     

    For eg:- I want to disable for URLs like https://example.com/users/joe.anthony etc

     

    At the same time, file type check should be ON for other URLs

     

    I could unblock using above posted iRule. But it still generates an event in event logs. I want to disable the events also.

     

    • Abed_AL-R's avatar
      Abed_AL-R
      Icon for Cirrostratus rankCirrostratus
      Jun 10, 2020

      Hi

       

      Did you manage to solve this?

      I'm looking for the same

  • Ivan_Chernenkii's avatar
    Ivan_Chernenkii
    Icon for Employee rankEmployee
    Jun 11, 2020

    If you don't want to block specific file type, then it make sense to define it as allowed on "Security ›› Application Security : File Types : Allowed File Types" page. e.g. for https://example.com/users/joe.anthony you can define "anthony" file type as allowed.

     

    Thanks, Ivan