Best practice for Allowed URLs

Question

Hi,&nbsp;

What is the best practice to create an Allowed URLs list
for a huge website that contains blogs and uses a URL generator.
The website contains more than 60,000 page?&nbsp;

is it necessary to configure a list of Allowed and NOT-Allowed URLs?&nbsp;

Thanks&nbsp;

stephanmanthey · Answer

Hi Majda,
from my perspective it is best practice to use an iRule with a "[class match [string tolower [HTTP::path]] starts_with ]" condition.
The datagroup will be of type string and contains a whitelist (allowed list) of allowed paths in lower-case format as keys (no values required).
You will find tons of working examples here on DC.
The "class" wiki page will be a good start.
Please avoid using the legacy syntax of "matchclass" or "findclass" and datagroups with the "$::" prefix!
With current TMOS versions it should not be a problem to use a datagroup of this size.
I would recommend, to work with a so called external datagroup (stored as a separate file in the TMOS filestore, which can be easily updated).
Thanks, Stephan   
PS: Just noticed the "Application Security Manager" (ASM) tag in your post. My response refers to standard "Local Traffic Manager" (LTM) features.

Forum Discussion

Best practice for Allowed URLs

1 Reply

Recent Discussions

BigIP Next - Health Monitors / Template

LDAPS and renegotiation

Need advise to setup a policy on F5

Web acceleration

What are the different phases in DevOps?

Related Content

AS3 Best Practice

F5 Certified Practice Exams

Cipher Suite Practices and Pitfalls

Security Best Practices for BIG-IP & BIG-IQ systems

Managing Kubernetes Traffic With F5 NGINX: A Practical Guide