asm irule to unblock upon violation based on type
Hello, I created a custom attack signature to block access to WSDL and sets Attack Type to "Information Leakage". Works fine and blocks stuff. blabla.com/ws/test?wsdl gets blocked. Now I needed it unblocked for certain destinations. I added an iRule to unblock it in case it is a destination in the list datagroup_webservice-prod for example entry from the datagroup is /ws/test2 Checked the trigger iRule box in ASM under proper policy. iRule has been attached to the service. What it should do: Someone accesses a wsdl, gets blocked, iRule is activated and checks if url violation is "Information Leakage" and if the destination is in the datagroup, if yes, then unblocks the access and lets the user through. blabla.com/ws/test = ok blabla.com/ws/test?wsdl = blocked Accessing /ws/test2?wsdl = blocked though it should be unblocked. Can someone check if the iRule looks OK?
