Forum Discussion

wooyun_368482

Nimbostratus

Jan 16, 2019

Why can't I be intercepted on Awaf by configuring Request Content AND does not contain string? What's the reason?

ASM Advanced WAF

security

samstep

Cirrocumulus

Jan 20, 2019

It looks like your requirement is to allow only two URLs in your ASM policy to protect an API, however what you are trying to do is to write a an attack signature which will block all requests and only allow API ones. This is inefficient and difficult to configure and debug as you may have noticed.

A better and cleaner approach would be to simply create those two API URLs (ending *r_code and *r_key) as the only allowed URLs in the policy (e.g. delete the * wildcard) and make sure that 'Illegal URL' is set to 'Block' - that's it! All other requests will be blocked automatically without a need to write and maintain custom Attack Signatures.

Forum Discussion

Why can't I be intercepted on Awaf by configuring Request Content AND does not contain string? What's the reason?

Recent Discussions

Wildcard SSL Certificate Deployment on F5 LTM

iRule resulting in too many redirects

What happens if I only enable ASM in BIG-IP Under System > Resource Provisioning

URL

Migration from i series 10200 with 1 child VCMP to r series 10900 series

Related Content

LTM Diameter iRules and Profile Configurations with Support for Server Initiated Request

Logging DNS Requests

Getting Started with BIG-IP Next: Configuring Instance High Availability

Certificate Expiry Email alert configuration

Advanced Threat Mitigations via SSL Intercept