Email Addresses as part of URL?

Question

I have a customer that is using email addresses as part of a URL path.  This causes a few issues with file types, requiring me to allow things like .com (which I would prefer to block as executable). &nbsp;
What is the best way to approach this issue?&nbsp;

yoann_le_corvi1 · Answer

Hi&nbsp;
What I have used in the past for that is the ASM::unblock&nbsp;
With a more precise regex, match the URL with email addresses (send us an example if you want I'll try to help with the regex 🙂 ), and for thos URL, if a violation of type ILLEGAL FILE TYPE is triggered then unblock it.&nbsp;
An exemple in my code :&nbsp;
if { $uri starts_with "/app/rpc"} {
    if { $asmviolation equals "VIOLATION_ATTACK_SIGNATURE_DETECTED"  || $asmviolation equals "VIOLATION_METACHAR_IN_DEF_PARAM"} {
        log local0. "DEBUG!! ASM EXCEPTION - ALLOW $uri - VIOLATION : $asmviolation"
        ASM::unblock
        }
}

You can also group your exceptions regex in a datagroup.&nbsp;
Hope this helps.&nbsp;

Forum Discussion

Email Addresses as part of URL?

1 Reply

Recent Discussions

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

Related Content

SkyNet Is Coming For Email First... Thankfully!

Certificate Expiry Email alert configuration

F5 Automation with PowerShell - Part 1

Understanding Modern Application Architecture - Part 1

Securing and Scaling Hybrid Application with F5 NGINX (Part 1)