NimbostratusASM Newbie Question. Policy learning is offering option to allow file type. I want to allow, but not for entire application but only for specific URL. I did not see option to specify under Application Security - File Types or Allowed URL, but I could be missing something. Any suggestions?
EmployeeWe don't have a feature that lets you allow a file type only for a specific URL. As an alternative approach, you can use the ASM::unblock iRule command to unblock any request that gets blocked as a result of containing this particular file type that needs to be allowed for a URL.
For example, if "aspx" is the file type you want to allow only for a particular URL and that URL is, say, /index.aspx, then you can use an iRule similar to the following to have ASM unblock the request that it blocked in the first place (with 'Illegal File Type'):
when ASM_REQUEST_DONE {
if {[ASM::violation names] contains "VIOLATION_OBJ_TYPE" and [string tolower [HTTP::uri]] contains "/index.aspx"}
{
ASM::unblock
log local0. "ASM unblocking [HTTP::uri]"
}
}
Make sure you have 'Trigger ASM iRule Events' option enabled for the relevant policy under Security Policy Properties section to ensure ASM iRule events get triggered.
For more info: https://devcentral.f5.com/wiki/irules.asm__violation_data.ashx https://devcentral.f5.com/wiki/irules.asm__unblock.ashx https://devcentral.f5.com/wiki/iRules.ASM_REQUEST_DONE.ashx
CumulonimbusHi,
File type filters on extension of the URL.
If you want to allow only CSS file type in folder /css/, define the following wildcard URL:
/css/*.css