wsdl access blocked using custom signature - unblock certain URLs

Hello,

I have created a custom attack signature which blocks access when someone tries to access /webservice?wsdl (regex maps wsdl in the query part of url) with description "Information Leakage".

I have a few services which are under the same ASM policy but need wsdl file access.

for example /test44?wsdl and /test23423?wsdl

I think the easiest solution would be to trigger an iRule on violation which checks if the URL is in the list where this access should be allowed and then would override the block.

So I guess it would be something like this:

when ASM_REQUEST_VIOLATION { 
 set x [ASM::violation_data]

 for {set i 0} { $i < 7 } {incr i} { 
  switch $i { 
   0 { log local0. "attack_type=[lindex $x $i]" } 
   1 { log local0. "violation=[lindex $x $i]" } 
   2 { log local0. "support_id=[lindex $x $i]" } 
   3 { log local0. "web_application=[lindex $x $i]" } 
   4 { log local0. "severity=[lindex $x $i]" } 
   5 { log local0. "source_ip=[lindex $x $i]" } 
   6 { log local0. "request_status=[lindex $x $i]" }
  }
 }

if {([lindex $x 0] contains "ATTACK_TYPE_INFORMATION_LEAKAGE") and ([HTTP::uri] contains ("test44"||"test23423")) } {
 ASM::disable
 }
}

How could I tell the ASM to unblock this without disabling ASM on that URL?