Forum Discussion

sys-halt_219917's avatar
sys-halt_219917
Icon for Nimbostratus rankNimbostratus
Sep 01, 2015

Block a specific URL that only ends with a specific keyword

Hello,

 

is it possible to block a specific URL (https based) that ENDS only with a specific keyword?

 

for example if I have a domain example.com and I want to only block: https://example.com/Logon and https://example.com/Logon/login

 

But at the same time I want any URL that CONTAINS the keyword Logon or login not to get blocked too.

 

for example: https://example.com/Logon/login?service=

 

so I can have the below results: https://example.com/Logon[BLOCK] https://example.com/Logon/login [BLOCK] https://example.com/Logon/login?service=[ALLOW]

 

Thank you,

 

2 Replies

  • Try that:

    In the URL : https://example.com/Logon/login?service=

    • HTTP::host is example.com
    • HTTP::path is /Logon/login
    • HTTP::query is service=
    • HTTP::uri is /Logon/login?service=

    .

    when HTTP_REQUEST {
    switch -glob [string tolower [HTTP::path]] {
        "*/logon" -
        "*/logon/login" {
            if {[HTTP::query] equals ""} {
                HTTP::respond 404 content {
                    
                        
                            Access denied
                        
                        
                        Access denied
                        
                    
                    } noserver
                return
            }
        }
    }
    
  • Your requirement is not quite clear.

    Do you actually need to block URLs with specific keywords like "Logon" or just any URLs which don't have any parameters?

    If you just need to block the URL without parameters you can simply make the parameters mandatory on wildcard URLs:

    "*/Logon" 
    "*/Logon/login"
    

    and block if mandatory parameters are missing (e.g. parameter named "service" as per your example)

    Another way is to create a custom ASM signature - refer to SOL15241:

    https://support.f5.com/kb/en-us/solutions/public/15000/200/sol15241.html

    Hope this helps, Sam