Forum Discussion

rafaelbn_176840's avatar
rafaelbn_176840
Icon for Altocumulus rankAltocumulus
Jun 10, 2018

Block specific SOAP method without ASM

Hello Devs!

 

Is it possible to block a specific SOAP method without ASM? Could an iRule do this?

 

Thanks!

 

1 Reply

  • Hi,

    You can use an Irule:

    when HTTP_REQUEST {
      if {[string tolower [HTTP::method]] contains "YOUR METHOD"}{
        log local0. "Forbidden HTTP method ([HTTP::method]) attempted by [IP::client_addr]"
        reject
      }
    }
    

    For example, to reject requests containing the TRACE method, enter the following text:

    when HTTP_REQUEST {
      if {[string tolower [HTTP::method]] contains "trace"}{
        log local0. "Forbidden HTTP method ([HTTP::method]) attempted by [IP::client_addr]"
        reject
      }
    }
    

    In your case you can autorize only wanted method !!!

    For more information:

    https://support.f5.com/csp/article/K85840901

    regards