whitelist
4 Topics

F5 AWAF Bot Defense Whitelist
According to https://techdocs.f5.com/en-us/bigip-14-1-0/big-ip-asm-implementations-14-1-0/configuring-bot-defense.html, having whitelists can speed up access time to the website. Is it because the WAF will not check those whitelisted URLs coming to the web site, thereby making it faster? (Faster when users access the web site because less traffic has to be validated by the WAF?)

iRule newbie - Whitelisting IP address for Specific URL and Attack Pattern
Hello community,

One of our third-party applications has false-positive blocks for a specific attack pattern, which we want to whitelist, but our F5 support explained that it cannot be done for a specific IP; it needs to be URL and pattern based without IP limitation. I'm not expecting much, but what is the reason behind it? Performance? Can this be done?

IP: x.x.x.x
Pattern: 200002034 - SQL-INJ "ifnull"
URL: "/path/to/excluded/url1"

Your comments are valuable!

ChatGPT output for the exact same question, but I couldn't test it.

    when ASM_REQUEST {
        # Get the client IP address
        set client_ip [IP::client_addr]

        # Get the URL path from the request
        set url [HTTP::uri]

        # List of URLs to exclude from security checks (add more URLs as needed)
        set excluded_urls {
            "/path/to/excluded/url1"
            "/path/to/excluded/url2"
            "/path/to/excluded/url3"
        }

        # Define the attack pattern to exclude
        set excluded_attack_pattern "2000010101"

        # Check if the client IP, requested URL, and attack pattern match the criteria
        if { $client_ip eq "x.x.x.x" && [lsearch -exact $excluded_urls $url] != -1 && [ASM::policy has_attack $excluded_attack_pattern] } {
            ASM::disable
        }
    }

BIG-IP 17.0 ASM Cookie based allow requests
Is it possible to allow requests through the ASM if the client sending the request has a unique cookie with a particular value? I want to whitelist these requests based on this cookie. If this is possible would someone please share with me how this is accomplished?

[ASM] Actual parameter name is not actual parameter
Hi all, I have an illegal request that triggered "Illegal meta character in parameter name". The violation details show an "actual parameter name" that, in my view, is not actually a parameter name. The request and violation detail captures are below. How can I whitelist this if the actual parameter name is a random value, not consisting of a word like param1, param2, etc.?