Is there any possibility to create a rule on the F5 ASM restricting IP based access to a L7 request?
are you just wanting to block an IP address? Something like this?
if IP address = x.x.x.x
The ASM can do several things regarding IP address actions (IP Intelligence, geolocation, etc). Just wanted to make sure I understand the question here.
You can configure "Allowed URLs" and "Disallowed URLs" on your ASM. If you only want someone to access a single URL, you can simply include only that URL in the "Allowed" list. To configure this, you can navigate to Security > Application Security > URLs > Allowed URLs.
Disallowed URLs in the ASM are URLs in your web application that are not allowed by the security policy. For example, if your web application is located at https://www.abc.com and you wanted to explicitly deny access to URL https://www.abc.com/hacker, then you could add that URL to your Disallowed URL list, and users would get blocked if they tried to access it (you would just add /hacker to your Disallowed URL list).
Depending on what you wanted to do, an iRule could achieve the same result, but it's always best to use the built-in functionality instead of an iRule whenever you can (it's more efficient that way).
Here's a link to an ASM article I wrote (it discusses URL configuration)...I hope it helps! https://devcentral.f5.com/articles/the-big-ip-application-security-manager-part-3-the-importance-of-file-types-parameters-and-urls
Hi all. I was looking for something similar. I would like to allow access to a specific URL path coming from specific IP addresses. I'm not sure if this can be done by using ASM. Siyadh did you finally manage to find a solution regarding this case ?