Simple WordPress login protection, using cookie insert
I'm trying to deny access to the default login page on our WordPress site, when going straight to the login page (/wp-login.php), by redirecting you to /access-denied. But if you know the "secret" page, https://[HTTP::host]/secretpage , then the iRule should put a cookie in your browser, then redirect you to the actual login page, and now allow you to login. Any suggestions on how this could be done? Tried something like this, but not getting the expected result: when HTTP_REQUEST { if {[string tolower [HTTP::path]] equals "/secretpage"} { HTTP::cookie insert name "SecretWP" value "1" HTTP::redirect https://[HTTP::host]/wp-login.php } if {[string tolower [HTTP::path]] contains "/wp-login.php" and (![HTTP::cookie exists "SecretWP"])} { HTTP::respond 200 content "Rejected! Cookie names: [HTTP::cookie names]" } } In the end I added a HTTP::respond 200 content, for HTTP::cookie names, for troubleshooting, but the cookie I tried to insert was not in the list. Made this iRule sort of based on an example I found on the F5 site, but most other example seems to always add the cookie insert when HTTP_RESPONSE, so I'm wondering if that's the problem? Can't do an insert when HTTP_REQUEST? / Per
[Solved] F5 ASM learning new parameters while being in blocking mode
Hello, I'm using a cluster of F5 BIG-IP in version 13 w/ ASM in order to protect a Wordpress website. The ASM module is in blocking mode for the Wordpress ASM profile. I have manually added 2 new allowed parameters in the ASM profile and have enabled the staging mode on them. Will the F5 cluster be able to do some learning on these parameters even though ASM is in blocking mode ? Thank you.