Forum Discussion
Right, I've tested this and it does indeed work.
To expand on the above, the application we are protecting uses REST API calls. A client, as part of its request, sends through an ID in the URL. The ID is unique to each client, and with potentially thousands of clients, must be dealt with using a wildcard.
However, there are other calls the client can make that also require sending the ID, but appended is another folder/service. For example:
Call 1 from client = [HOST]/account/
Call 2 from client = [HOST]/account//product
Not sure if this is possible, but can we have it so that we can wildcard the first call, e.g. '/account/*', and thus take care of the unique IDs in the requests, but also ensure that, should a client request anything past the 'product' service, it gets blocked? So, for example, a client requesting the following would be blocked:
[HOST]/account//product/someotherservice
Initial thoughts suggest no, this isn't possible because the wildcard (/account/*) would mean that literally anything past 'account' would be permitted. Just trying to understand the art of the possible here.
Thank you.
Hello,
If it is just URI restriction, I advise you to do this with an iRule. You do not need to do this operation on the ASM. If so, I can provide you the iRule that will answer your needs.
Regards
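
An added example, not part of the reply above and not F5-supplied code: one way an iRule could allow `/account/<id>` and `/account/<id>/product` while blocking anything deeper. The ID format (letters, digits, `-` and `_`, at most 64 characters), the 403 response and the log wording are assumptions, since the thread does not state them.

```tcl
when HTTP_REQUEST {
    # HTTP::path excludes the query string, so query parameters cannot
    # influence the match. A lowercased copy is used only for matching,
    # so "/Account/..." cannot sidestep the check on a case-insensitive backend.
    set path [string tolower [HTTP::path]]

    # Only police the /account/ tree; other URLs are left to existing policy.
    if { $path starts_with "/account/" } {
        # Anchored allow-list (assumed ID charset, see lead-in):
        #   /account/<id>          optional trailing slash
        #   /account/<id>/product  optional trailing slash
        # Restricting the ID to [a-z0-9_-] also rejects "..", "%2f" and
        # empty segments, which a bare "/account/*" wildcard would accept.
        if { ![regexp {^/account/[a-z0-9_-]{1,64}(/product)?/?$} $path] } {
            log local0.warning "URI blocked: [IP::client_addr] [HTTP::method] [HTTP::host][HTTP::path]"
            HTTP::respond 403 content "Forbidden"
            return
        }
    }
}
```

Because the pattern is anchored at both ends, `/account/<id>/product/someotherservice` fails the match and receives the 403, while the two permitted calls pass through unchanged.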