Forum Discussion

Nimbostratus

Oct 25, 2015

Blocking POST with ASM?

Hi, I am wondering if there is anyway to disallow the usage of POST using an ASM policy? It seems to be allowed by default with no way to uncheck? Thanks, Dan

ASM Advanced WAF

security

samstep

Cirrocumulus

Dec 02, 2015

If you need to disable POST globally (e.g. you have a virtual server only serving static content) then one way of doing this is via an iRule.

when HTTP_REQUEST {
    if {[HTTP::method] eq "POST"} {
      reject
    }
}

In ASM policy you can stop POST going through by setting the POST data length to 0 on the File Type and enabling blocking on "Illegal POST data length" violation.

Hope this helps,

Sam

Forum Discussion

Blocking POST with ASM?

Recent Discussions

Enterprise Security best practices with F5 WAF

Disk space full - what files, folders are safe to delete?

ASM instance creation

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

Related Content

Block traffic

domain blocking

Post of the Week: Blocking a Specific URI

Block IP after a number of ASM Blocks

Response and blocking page