Forum Discussion

Nimbostratus

Apr 12, 2019

Email Addresses as part of URL?

I have a customer that is using email addresses as part of a URL path. This causes a few issues with file types, requiring me to allow things like .com (which I would prefer to block as executable)....

ASM Advanced WAF

security

Yoann_Le_Corvi1

Cumulonimbus

Apr 12, 2019

What I have used in the past for that is the ASM::unblock

With a more precise regex, match the URL with email addresses (send us an example if you want I'll try to help with the regex 🙂 ), and for thos URL, if a violation of type ILLEGAL FILE TYPE is triggered then unblock it.

An exemple in my code :

if { $uri starts_with "/app/rpc"} {
    if { $asmviolation equals "VIOLATION_ATTACK_SIGNATURE_DETECTED"  || $asmviolation equals "VIOLATION_METACHAR_IN_DEF_PARAM"} {
        log local0. "DEBUG!! ASM EXCEPTION - ALLOW $uri - VIOLATION : $asmviolation"
        ASM::unblock
        }
}

You can also group your exceptions regex in a datagroup.

Hope this helps.

Forum Discussion

Email Addresses as part of URL?

Recent Discussions

rSeries and tenant upgrades

redirect not working

cat and grep command for rst messages

iRule resulting in too many redirects

When F5OS r2800 appliance reboots, interfaces configured at tenant level for VLAN are lost

Related Content

SkyNet Is Coming For Email First... Thankfully!

Certificate Expiry Email alert configuration

F5 Automation with PowerShell - Part 1

Securing and Scaling Hybrid Application with F5 NGINX (Part 1)

Understanding Modern Application Architecture - Part 1